
Background Ads Playing Infection?



Hi,

Just recently my computer has started playing ads in the background even when no programs are running. Nothing untoward seems to be listed in msconfig... The computer hasn't been used much, just my daughter on Facebook... I have MBAM Pro and Total Defence, but these didn't stop the infection.

Below is dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Daniel at 23:54:52 on 2012-06-30

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1398 [GMT 10:00]

.

AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}

SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe

C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Philips\GoGear Mix Device Manager\main.exe

C:\Program Files\ASUS\PC Probe II\Probe2.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ASUS\AASP\1.00.80\aaCenter.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

"C:\Windows\system32\svchost.exe"

"C:\Windows\system32\svchost.exe"

C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Total Defense Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\anti-phishing\toolbar\caIEToolbar.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Total Defense Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\anti-phishing\toolbar\caIEToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start

uRun: [Google Update] "c:\users\daniel\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r

mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"

mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"

mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ASUS Sync Loader] "c:\program files\asus\asus sync\asusUPCTLoader.exe" -startup

mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.130.270\AsusWSPanel.exe /S

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex

StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcprob~1.lnk - c:\program files\asus\pc probe ii\Probe2.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear mix device manager\main.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: jr.com.au\remote

Trusted Zone: qld.gov.au\citrixgw.treasury

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EEB1A7FF-ED13-4DEE-BBCB-930960899A17} : DhcpNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: UmxSbxExw.dll

.

============= SERVICES / DRIVERS ===============

.

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-10-27 170064]

R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-9-6 107088]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-10-26 83536]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-9-6 63056]

R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2011-9-6 66128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-11-10 210248]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-11-10 224304]

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2012-3-2 207920]

R2 Foxtel;Foxtel Download Manager;c:\program files\foxtel\download player\download control\dcbin\DCService.exe [2009-9-24 70144]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-9-6 152656]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-9-6 81488]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-10 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]

R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-6-5 1151104]

R3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\drivers\AVerIR.sys [2011-1-24 87552]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-9-6 331344]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-18 40720]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-18 10384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 14132;14132;c:\windows\system32\drivers\14132 [2011-11-10 9072]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257224]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 RDID1104;ME-25;c:\windows\system32\drivers\Rdwm1104.sys [2011-11-3 144640]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-14 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-14 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-24 1343400]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-2 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-2 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-2 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-2 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-2 25704]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-06-30 09:58:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-28 20:58:53 -------- d-----w- c:\users\daniel\appdata\local\Qurb4

2012-06-28 12:47:42 1424432 ----a-w- c:\windows\system32\cfgmig32.dll

2012-06-28 12:47:31 97328 ----a-w- c:\windows\system32\Vetredir.dll

2012-06-28 12:47:30 130096 ----a-w- c:\windows\system32\Isafeif.dll

2012-06-28 12:45:28 98320 ----a-w- c:\windows\system32\winsfinst.exe

2012-06-28 12:45:28 4108304 ----a-w- c:\windows\system32\win32cpr.dll

2012-06-28 12:45:28 3207184 ----a-w- c:\windows\system32\mdmcls32.exe

2012-06-28 12:45:28 2990096 ----a-w- c:\windows\system32\winsflte.dll

2012-06-28 12:45:28 2760720 ----a-w- c:\windows\system32\svcprs32.exe

2012-06-28 12:45:28 1744912 ----a-w- c:\windows\system32\winsflt.dll

2012-06-28 12:44:54 -------- d-----w- c:\windows\rnapxs

2012-06-28 12:44:54 -------- d-----w- c:\program files\common files\Scanner

2012-06-28 12:44:53 7440 ----a-w- c:\windows\system32\sporder.dll

2012-06-28 12:44:39 -------- d-----w- c:\program files\ISSThirdParty

2012-06-21 04:49:35 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 04:49:21 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 04:49:13 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 04:49:13 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-20 10:56:00 -------- d-----w- c:\users\daniel\appdata\roaming\print@camerahouse

2012-06-20 10:55:56 -------- d-----w- c:\programdata\print@camerahouse

2012-06-20 10:55:54 -------- d-----w- c:\program files\print@camerahouse

2012-06-14 02:35:31 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 02:35:30 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 02:35:29 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-14 02:35:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 02:35:28 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 02:35:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 02:35:28 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 02:35:24 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 02:35:20 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 02:35:19 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 02:35:19 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-06-10 00:21:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-06-14 09:32:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-14 09:32:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe >>UNKNOWN [0x875C6A2E]<<

_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x875c9180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x875c9178]; }

1 ntkrnlpa!IofCallDriver[0x82E3C55A] -> \Device\Harddisk0\DR0[0x86E4F030]

\Driver\Disk[0x86E4EC40] -> IRP_MJ_READ -> 0x875C6A2E

kernel: MBR read successfully

_asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 23:56:30.43 ===============

and Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 24/04/2010 2:41:43 PM

System Uptime: 30/06/2012 1:44:08 PM (10 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5QL PRO

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA775 | 3003/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 335.103 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 62.874 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D7400 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D7400 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP284: 29/05/2012 8:18:24 PM - Installed Splashtop Streamer

RP285: 29/05/2012 8:20:46 PM - Removed Splashtop Streamer

RP286: 5/06/2012 1:48:56 AM - Windows Update

RP287: 12/06/2012 9:46:27 PM - Scheduled Checkpoint

RP288: 15/06/2012 3:00:23 AM - Windows Update

RP289: 21/06/2012 2:48:42 PM - Windows Update

RP290: 28/06/2012 10:00:41 PM - Scheduled Checkpoint

RP292: 28/06/2012 10:45:00 PM - Installed CA Parental Controls

RP293: 28/06/2012 10:46:03 PM - Device Driver Package Install: CA Network Service

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.5

AI Suite

Anti-Phishing

Anti-Spam

Anti-Virus Plus

APH placeholder

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Android USB Drivers

ASUS RT-N15 Wireless Router Utilities

ASUS Smart Doctor

ASUS Sync

ASUS Utilities

ASUS WebStorage

ASUSUpdate

Atheros Ethernet Utility

AVerMedia A188 PCIe TV Tuner 1.3.0.76

AVerMedia MCE Encoder x86 3.0.1.6

AVerMedia Media Center Plug-ins 2.0.8.0

Backup and Migration

Bonjour

BufferChm

CDDRV_Installer

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

D3DX10

D7400

D7400_Help

DeviceDiscovery

DNAMigrator

DVD Shrink 3.2

e-tax 2010

e-tax 2011

EA Download Manager

EA Download Manager UI

EPU-4 Engine

erLT

Express Gate

Foxtel Download Manager 4.1.500.11

FOXTEL Download Player

GoGear Mix Device Manager

Google Chrome

GPBaseService2

Guitar Pro 6

HIPS

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Photosmart Printer Driver Software 13.0 Rel. 2

HP Smart Web Printing 4.51

HP Solution Center 13.0

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

iTunes

Junk Mail filter update

KhalInstallWrapper

Logitech SetPoint

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

ME-25 Driver

ME-25 Librarian

Mesh Runtime

Messenger Companion

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.1

Microsoft IntelliType Pro 8.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Need for Speed™ Undercover

NetComm Powerline Adapters

Network

NVIDIA 3D Vision Controller Driver 285.62

NVIDIA 3D Vision Driver 285.62

NVIDIA Control Panel 285.62

NVIDIA Graphics Driver 285.62

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.11.0621

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.5.20

NVIDIA Update Components

OGA Notifier 2.0.0048.0

Parental Controls

PC Probe II

Personal Firewall

PlayReady PC Runtime x86

Power Tab Editor 1.7

print@camerahouse

PS_SF_02_ProductContext

PS_SF_02_Software

PS_SF_02_Software_Min

QuickTime

Realtek High Definition Audio Driver

RollerCoaster Tycoon 3 Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SimCity 4

SmartWebPrinting

SolutionCenter

Status

Toolbox

Total Defense Internet Security Suite

TrayApp

Ulead Burn.Now 4.5

Ulead Burn.Now 4.5 SE

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Warcraft III

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

Windows Phone Intro Video (ENU)

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

29/06/2012 5:34:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000006 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062912-20997-01.

29/06/2012 1:52:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000006 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062912-22479-01.

28/06/2012 10:47:40 PM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

28/06/2012 10:44:35 PM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

Help is much appreciated.

Cheers

Dan

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC

Thanks MrC

Google Chrome reported the link as broken, but IE allowed download.

Here is the report

RogueKiller V7.6.1 [06/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Daniel [Admin rights]

Mode: Scan -- Date: 07/01/2012 00:43:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++

--- User ---

[MBR] 7da1ebebab6e0c07c905f5acf6f94c1e

[bSP] 5a09d011670e4b02dd5eb5c5ed63d843 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 10969b10278b2ed49a5f41771b9cbefb

[bSP] 826b89e873a07c4790a7f1bf3e301948 : Suspicious NOP-flood MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600JB-00GVA0 ATA Device +++++

--- User ---

[MBR] aec80bfe230185daa0f5f81f890b295c

[bSP] 2c452425db47fafb407e53086f094af6 : Suspicious NOP-flood MBR Code!

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

OK, please do this..............

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

Hi MrC

There were suspicious files so I left these on skip. There were 2 objects (wistler). I left these on Cure, but now have a warning that it "Can't cure MBR. Write standard boot code? If you have installed custom bootloader (eg Acronis, Grub, Lilo) you will need to reinstall them after treatment."

I have a choice of Yes or No. Should I say Yes?

Thanks

Thanks again MrC

Here is the log

00:53:45.0917 0272 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22

00:53:46.0714 0272 ============================================================

00:53:46.0714 0272 Current date / time: 2012/07/01 00:53:46.0714

00:53:46.0714 0272 SystemInfo:

00:53:46.0714 0272

00:53:46.0714 0272 OS Version: 6.1.7601 ServicePack: 1.0

00:53:46.0714 0272 Product type: Workstation

00:53:46.0714 0272 ComputerName: OFFICE

00:53:46.0715 0272 UserName: Daniel

00:53:46.0715 0272 Windows directory: C:\Windows

00:53:46.0715 0272 System windows directory: C:\Windows

00:53:46.0715 0272 Processor architecture: Intel x86

00:53:46.0715 0272 Number of processors: 2

00:53:46.0715 0272 Page size: 0x1000

00:53:46.0715 0272 Boot type: Normal boot

00:53:46.0715 0272 ============================================================

00:53:47.0880 0272 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

00:53:47.0890 0272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xCF0156, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000050

00:53:47.0892 0272 ============================================================

00:53:47.0892 0272 \Device\Harddisk1\DR1:

00:53:47.0892 0272 MBR partitions:

00:53:47.0892 0272 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800

00:53:47.0892 0272 \Device\Harddisk0\DR0:

00:53:47.0892 0272 MBR partitions:

00:53:47.0892 0272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:53:47.0892 0272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

00:53:47.0893 0272 ============================================================

00:53:47.0913 0272 C: <-> \Device\Harddisk0\DR0\Partition1

00:53:47.0942 0272 D: <-> \Device\Harddisk1\DR1\Partition0

00:53:47.0942 0272 ============================================================

00:53:47.0942 0272 Initialize success

00:53:47.0943 0272 ============================================================

00:54:31.0169 4032 ============================================================

00:54:31.0169 4032 Scan started

00:54:31.0169 4032 Mode: Manual; SigCheck; TDLFS;

00:54:31.0169 4032 ============================================================

00:54:32.0280 4032 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

00:54:32.0448 4032 1394ohci - ok

00:54:32.0497 4032 14132 (34804da52276661c31422b5b98edbeb7) C:\Windows\system32\DRIVERS\14132

00:54:32.0521 4032 14132 - ok

00:54:32.0566 4032 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

00:54:32.0588 4032 ACPI - ok

00:54:32.0620 4032 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

00:54:32.0678 4032 AcpiPmi - ok

00:54:32.0766 4032 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

00:54:32.0787 4032 AdobeARMservice - ok

00:54:32.0867 4032 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

00:54:32.0886 4032 AdobeFlashPlayerUpdateSvc - ok

00:54:32.0940 4032 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

00:54:32.0966 4032 adp94xx - ok

00:54:32.0989 4032 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

00:54:33.0012 4032 adpahci - ok

00:54:33.0032 4032 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

00:54:33.0055 4032 adpu320 - ok

00:54:33.0064 4032 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

00:54:33.0116 4032 AeLookupSvc - ok

00:54:33.0171 4032 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

00:54:33.0222 4032 AFD - ok

00:54:33.0249 4032 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

00:54:33.0273 4032 agp440 - ok

00:54:33.0285 4032 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

00:54:33.0309 4032 aic78xx - ok

00:54:33.0326 4032 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

00:54:33.0365 4032 ALG - ok

00:54:33.0373 4032 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

00:54:33.0395 4032 aliide - ok

00:54:33.0408 4032 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

00:54:33.0430 4032 amdagp - ok

00:54:33.0443 4032 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

00:54:33.0465 4032 amdide - ok

00:54:33.0478 4032 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

00:54:33.0515 4032 AmdK8 - ok

00:54:33.0530 4032 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

00:54:33.0555 4032 AmdPPM - ok

00:54:33.0590 4032 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

00:54:33.0613 4032 amdsata - ok

00:54:33.0628 4032 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

00:54:33.0653 4032 amdsbs - ok

00:54:33.0678 4032 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

00:54:33.0695 4032 amdxata - ok

00:54:33.0723 4032 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

00:54:33.0795 4032 AppID - ok

00:54:33.0808 4032 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

00:54:33.0867 4032 AppIDSvc - ok

00:54:33.0895 4032 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

00:54:33.0947 4032 Appinfo - ok

00:54:34.0027 4032 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:54:34.0044 4032 Apple Mobile Device - ok

00:54:34.0079 4032 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

00:54:34.0116 4032 AppMgmt - ok

00:54:34.0125 4032 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

00:54:34.0146 4032 arc - ok

00:54:34.0151 4032 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

00:54:34.0174 4032 arcsas - ok

00:54:34.0199 4032 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys

00:54:34.0231 4032 AsIO - ok

00:54:34.0254 4032 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

00:54:34.0355 4032 AsyncMac - ok

00:54:34.0368 4032 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

00:54:34.0395 4032 atapi - ok

00:54:34.0438 4032 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

00:54:34.0489 4032 AudioEndpointBuilder - ok

00:54:34.0494 4032 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

00:54:34.0536 4032 Audiosrv - ok

00:54:34.0612 4032 AVerBDA6x (40a19901ef39cb6c7dc37402ffdc987c) C:\Windows\system32\DRIVERS\AVerBDA716x.sys

00:54:34.0666 4032 AVerBDA6x - ok

00:54:34.0710 4032 AVerIR (179b54e3cd7c781ace1692b1867c4872) C:\Windows\system32\DRIVERS\AVerIR.sys

00:54:34.0760 4032 AVerIR - ok

00:54:34.0798 4032 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

00:54:34.0840 4032 AxInstSV - ok

00:54:34.0875 4032 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

00:54:34.0951 4032 b06bdrv - ok

00:54:35.0231 4032 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

00:54:35.0272 4032 b57nd60x - ok

00:54:35.0293 4032 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

00:54:35.0342 4032 BDESVC - ok

00:54:35.0357 4032 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

00:54:35.0403 4032 Beep - ok

00:54:35.0449 4032 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

00:54:35.0504 4032 BFE - ok

00:54:35.0561 4032 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

00:54:35.0702 4032 BITS - ok

00:54:35.0714 4032 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

00:54:35.0750 4032 blbdrive - ok

00:54:35.0844 4032 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

00:54:35.0867 4032 Bonjour Service - ok

00:54:35.0904 4032 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

00:54:35.0937 4032 bowser - ok

00:54:35.0949 4032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:54:35.0994 4032 BrFiltLo - ok

00:54:36.0004 4032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:54:36.0044 4032 BrFiltUp - ok

00:54:36.0068 4032 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

00:54:36.0118 4032 BridgeMP - ok

00:54:36.0142 4032 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

00:54:36.0196 4032 Browser - ok

00:54:36.0219 4032 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

00:54:36.0251 4032 Brserid - ok

00:54:36.0269 4032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

00:54:36.0306 4032 BrSerWdm - ok

00:54:36.0314 4032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:54:36.0355 4032 BrUsbMdm - ok

00:54:36.0365 4032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

00:54:36.0403 4032 BrUsbSer - ok

00:54:36.0413 4032 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

00:54:36.0439 4032 BTHMODEM - ok

00:54:36.0464 4032 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

00:54:36.0510 4032 bthserv - ok

00:54:36.0601 4032 CAAMSvc (684b1485fa8288b59830d5329198545c) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe

00:54:36.0622 4032 CAAMSvc - ok

00:54:36.0678 4032 CaCCProvSP (d92bac805b36a15352a1acc3570c5b0b) C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

00:54:36.0699 4032 CaCCProvSP - ok

00:54:36.0735 4032 CAISafe (9c271ae535d7e8f34634d4077d7fe873) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

00:54:36.0754 4032 CAISafe - ok

00:54:36.0785 4032 ccSchedulerSVC (3c73ef1d44809beac8533eff182d4f36) C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

00:54:36.0805 4032 ccSchedulerSVC - ok

00:54:36.0828 4032 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

00:54:36.0877 4032 cdfs - ok

00:54:36.0922 4032 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

00:54:36.0953 4032 cdrom - ok

00:54:36.0994 4032 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

00:54:37.0040 4032 CertPropSvc - ok

00:54:37.0053 4032 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

00:54:37.0078 4032 circlass - ok

00:54:37.0110 4032 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

00:54:37.0142 4032 CLFS - ok

00:54:37.0195 4032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:54:37.0216 4032 clr_optimization_v2.0.50727_32 - ok

00:54:37.0283 4032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:54:37.0306 4032 clr_optimization_v4.0.30319_32 - ok

00:54:37.0316 4032 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

00:54:37.0342 4032 CmBatt - ok

00:54:37.0371 4032 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

00:54:37.0391 4032 cmdide - ok

00:54:37.0434 4032 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

00:54:37.0471 4032 CNG - ok

00:54:37.0481 4032 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

00:54:37.0503 4032 Compbatt - ok

00:54:37.0533 4032 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

00:54:37.0564 4032 CompositeBus - ok

00:54:37.0576 4032 COMSysApp - ok

00:54:37.0588 4032 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

00:54:37.0609 4032 crcdisk - ok

00:54:37.0643 4032 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll

00:54:37.0723 4032 CryptSvc - ok

00:54:37.0763 4032 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

00:54:37.0814 4032 CSC - ok

00:54:37.0862 4032 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

00:54:37.0916 4032 CscService - ok

00:54:37.0975 4032 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

00:54:37.0995 4032 ctxusbm - ok

00:54:38.0026 4032 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\Windows\system32\DRIVERS\dc3d.sys

00:54:38.0044 4032 dc3d - ok

00:54:38.0071 4032 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

00:54:38.0218 4032 DcomLaunch - ok

00:54:38.0243 4032 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

00:54:38.0312 4032 defragsvc - ok

00:54:38.0353 4032 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

00:54:38.0396 4032 DfsC - ok

00:54:38.0438 4032 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

00:54:38.0508 4032 Dhcp - ok

00:54:38.0523 4032 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

00:54:38.0565 4032 discache - ok

00:54:38.0588 4032 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

00:54:38.0613 4032 Disk - ok

00:54:38.0643 4032 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

00:54:38.0708 4032 Dnscache - ok

00:54:38.0743 4032 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

00:54:38.0810 4032 dot3svc - ok

00:54:38.0843 4032 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

00:54:38.0920 4032 DPS - ok

00:54:38.0939 4032 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

00:54:38.0973 4032 drmkaud - ok

00:54:39.0022 4032 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

00:54:39.0067 4032 DXGKrnl - ok

00:54:39.0086 4032 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

00:54:39.0166 4032 EapHost - ok

00:54:39.0311 4032 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

00:54:39.0394 4032 ebdrv - ok

00:54:39.0474 4032 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

00:54:39.0579 4032 EFS - ok

00:54:39.0632 4032 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

00:54:39.0684 4032 ehRecvr - ok

00:54:39.0700 4032 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

00:54:39.0755 4032 ehSched - ok

00:54:39.0771 4032 EIO_XP (0daf3544804650526751c478aeccce63) C:\Windows\system32\drivers\EIO_XP.sys

00:54:39.0781 4032 EIO_XP ( UnsignedFile.Multi.Generic ) - warning

00:54:39.0781 4032 EIO_XP - detected UnsignedFile.Multi.Generic (1)

00:54:39.0815 4032 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

00:54:39.0846 4032 elxstor - ok

00:54:39.0875 4032 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

00:54:39.0907 4032 ErrDev - ok

00:54:39.0944 4032 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

00:54:40.0043 4032 EventSystem - ok

00:54:40.0060 4032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

00:54:40.0096 4032 exfat - ok

00:54:40.0112 4032 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

00:54:40.0155 4032 fastfat - ok

00:54:40.0202 4032 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

00:54:40.0320 4032 Fax - ok

00:54:40.0373 4032 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

00:54:40.0405 4032 fdc - ok

00:54:40.0418 4032 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

00:54:40.0490 4032 fdPHost - ok

00:54:40.0502 4032 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

00:54:40.0573 4032 FDResPub - ok

00:54:40.0586 4032 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

00:54:40.0608 4032 FileInfo - ok

00:54:40.0616 4032 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

00:54:40.0653 4032 Filetrace - ok

00:54:40.0664 4032 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

00:54:40.0702 4032 flpydisk - ok

00:54:40.0728 4032 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

00:54:40.0756 4032 FltMgr - ok

00:54:40.0806 4032 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

00:54:40.0895 4032 FontCache - ok

00:54:40.0945 4032 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

00:54:40.0965 4032 FontCache3.0.0.0 - ok

00:54:41.0047 4032 Foxtel (71e3fce77bf4e161c95f420dcf91afdf) C:\Program Files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe

00:54:41.0080 4032 Foxtel ( UnsignedFile.Multi.Generic ) - warning

00:54:41.0082 4032 Foxtel - detected UnsignedFile.Multi.Generic (1)

00:54:41.0097 4032 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

00:54:41.0122 4032 FsDepends - ok

00:54:41.0147 4032 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

00:54:41.0167 4032 fssfltr - ok

00:54:41.0290 4032 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

00:54:41.0335 4032 fsssvc - ok

00:54:41.0408 4032 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

00:54:41.0431 4032 Fs_Rec - ok

00:54:41.0474 4032 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

00:54:41.0500 4032 fvevol - ok

00:54:41.0525 4032 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:54:41.0547 4032 gagp30kx - ok

00:54:41.0575 4032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:54:41.0598 4032 GEARAspiWDM - ok

00:54:41.0650 4032 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

00:54:41.0738 4032 gpsvc - ok

00:54:41.0747 4032 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

00:54:41.0792 4032 hcw85cir - ok

00:54:41.0840 4032 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

00:54:41.0872 4032 HdAudAddService - ok

00:54:41.0887 4032 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

00:54:41.0923 4032 HDAudBus - ok

00:54:41.0932 4032 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

00:54:41.0970 4032 HidBatt - ok

00:54:41.0984 4032 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

00:54:42.0022 4032 HidBth - ok

00:54:42.0036 4032 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

00:54:42.0063 4032 HidIr - ok

00:54:42.0081 4032 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

00:54:42.0160 4032 hidserv - ok

00:54:42.0212 4032 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

00:54:42.0254 4032 HidUsb - ok

00:54:42.0285 4032 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

00:54:42.0371 4032 hkmsvc - ok

00:54:42.0402 4032 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

00:54:42.0493 4032 HomeGroupListener - ok

00:54:42.0520 4032 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

00:54:42.0635 4032 HomeGroupProvider - ok

00:54:42.0728 4032 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

00:54:42.0745 4032 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

00:54:42.0745 4032 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

00:54:42.0752 4032 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

00:54:42.0766 4032 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

00:54:42.0766 4032 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

00:54:42.0804 4032 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

00:54:42.0829 4032 HpSAMD - ok

00:54:42.0867 4032 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

00:54:42.0900 4032 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

00:54:42.0900 4032 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

00:54:42.0958 4032 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

00:54:43.0004 4032 HTTP - ok

00:54:43.0013 4032 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

00:54:43.0037 4032 hwpolicy - ok

00:54:43.0073 4032 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

00:54:43.0111 4032 i8042prt - ok

00:54:43.0141 4032 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

00:54:43.0170 4032 iaStorV - ok

00:54:43.0236 4032 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

00:54:43.0254 4032 IDriverT ( UnsignedFile.Multi.Generic ) - warning

00:54:43.0254 4032 IDriverT - detected UnsignedFile.Multi.Generic (1)

00:54:43.0336 4032 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

00:54:43.0374 4032 idsvc - ok

00:54:43.0452 4032 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

00:54:43.0476 4032 iirsp - ok

00:54:43.0526 4032 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

00:54:43.0623 4032 IKEEXT - ok

00:54:43.0752 4032 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys

00:54:43.0819 4032 IntcAzAudAddService - ok

00:54:43.0889 4032 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

00:54:43.0912 4032 intelide - ok

00:54:43.0936 4032 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

00:54:43.0974 4032 intelppm - ok

00:54:43.0995 4032 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

00:54:44.0106 4032 IPBusEnum - ok

00:54:44.0117 4032 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:54:44.0154 4032 IpFilterDriver - ok


00:55:10.0980 4032 WatAdminSvc - ok

00:55:11.0038 4032 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

00:55:11.0205 4032 wbengine - ok

00:55:11.0222 4032 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

00:55:11.0400 4032 WbioSrvc - ok

00:55:11.0635 4032 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

00:55:11.0827 4032 wcncsvc - ok

00:55:11.0868 4032 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

00:55:12.0015 4032 WcsPlugInService - ok

00:55:12.0052 4032 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

00:55:12.0085 4032 Wd - ok

00:55:12.0117 4032 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

00:55:12.0157 4032 Wdf01000 - ok

00:55:12.0167 4032 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

00:55:12.0315 4032 WdiServiceHost - ok

00:55:12.0318 4032 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

00:55:12.0456 4032 WdiSystemHost - ok

00:55:12.0486 4032 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

00:55:12.0633 4032 WebClient - ok

00:55:12.0649 4032 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

00:55:12.0803 4032 Wecsvc - ok

00:55:12.0809 4032 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

00:55:12.0952 4032 wercplsupport - ok

00:55:12.0977 4032 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

00:55:13.0122 4032 WerSvc - ok

00:55:13.0134 4032 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

00:55:13.0177 4032 WfpLwf - ok

00:55:13.0187 4032 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

00:55:13.0219 4032 WIMMount - ok

00:55:13.0289 4032 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

00:55:13.0332 4032 WinDefend - ok

00:55:13.0334 4032 WinHttpAutoProxySvc - ok

00:55:13.0377 4032 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

00:55:13.0427 4032 Winmgmt - ok

00:55:13.0503 4032 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

00:55:13.0680 4032 WinRM - ok

00:55:13.0747 4032 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys

00:55:13.0788 4032 WinUsb - ok

00:55:13.0833 4032 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

00:55:13.0987 4032 Wlansvc - ok

00:55:14.0036 4032 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:55:14.0054 4032 wlcrasvc - ok

00:55:14.0153 4032 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:55:14.0188 4032 wlidsvc - ok

00:55:14.0264 4032 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

00:55:14.0300 4032 WmiAcpi - ok

00:55:14.0344 4032 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

00:55:14.0381 4032 wmiApSrv - ok

00:55:14.0491 4032 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

00:55:14.0536 4032 WMPNetworkSvc - ok

00:55:14.0621 4032 WMZuneComm (017695393afffed8de58abd1b085be6d) C:\Program Files\Zune\WMZuneComm.exe

00:55:14.0649 4032 WMZuneComm - ok

00:55:14.0691 4032 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

00:55:14.0841 4032 WPCSvc - ok

00:55:14.0869 4032 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

00:55:15.0019 4032 WPDBusEnum - ok

00:55:15.0049 4032 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

00:55:15.0100 4032 ws2ifsl - ok

00:55:15.0140 4032 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys

00:55:15.0170 4032 WsAudio_DeviceS(1) - ok

00:55:15.0211 4032 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys

00:55:15.0240 4032 WsAudio_DeviceS(2) - ok

00:55:15.0254 4032 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys

00:55:15.0284 4032 WsAudio_DeviceS(3) - ok

00:55:15.0293 4032 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys

00:55:15.0319 4032 WsAudio_DeviceS(4) - ok

00:55:15.0329 4032 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys

00:55:15.0355 4032 WsAudio_DeviceS(5) - ok

00:55:15.0369 4032 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

00:55:15.0523 4032 wscsvc - ok

00:55:15.0526 4032 WSearch - ok

00:55:15.0624 4032 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

00:55:15.0803 4032 wuauserv - ok

00:55:15.0886 4032 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

00:55:15.0931 4032 WudfPf - ok

00:55:15.0963 4032 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:55:16.0018 4032 WUDFRd - ok

00:55:16.0051 4032 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

00:55:16.0201 4032 wudfsvc - ok

00:55:16.0216 4032 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

00:55:16.0371 4032 WwanSvc - ok

00:55:16.0670 4032 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) C:\Program Files\Zune\ZuneNss.exe

00:55:16.0803 4032 ZuneNetworkSvc - ok

00:55:16.0943 4032 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) C:\Program Files\Zune\ZuneWlanCfgSvc.exe

00:55:16.0981 4032 ZuneWlanCfgSvc - ok

00:55:17.0013 4032 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk1\DR1

00:55:17.0013 4032 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected

00:55:17.0014 4032 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)

00:55:17.0079 4032 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk0\DR0

00:55:17.0105 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected

00:55:17.0105 4032 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)

00:55:17.0162 4032 Boot (0x1200) (cebfdbc78ba272bf81848735d64959d4) \Device\Harddisk1\DR1\Partition0

00:55:17.0163 4032 \Device\Harddisk1\DR1\Partition0 - ok

00:55:17.0189 4032 Boot (0x1200) (8d15facad6c373948c49cc2bba9b1f54) \Device\Harddisk0\DR0\Partition0

00:55:17.0190 4032 \Device\Harddisk0\DR0\Partition0 - ok

00:55:17.0199 4032 Boot (0x1200) (5bbbf6c859f2d5bfcdcb3cca8e2f226d) \Device\Harddisk0\DR0\Partition1

00:55:17.0200 4032 \Device\Harddisk0\DR0\Partition1 - ok

00:55:17.0200 4032 ============================================================

00:55:17.0200 4032 Scan finished

00:55:17.0200 4032 ============================================================

00:55:17.0207 3420 Detected object count: 13

00:55:17.0207 3420 Actual detected object count: 13

00:56:26.0345 3420 EIO_XP ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0345 3420 EIO_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0345 3420 Foxtel ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0346 3420 Foxtel ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0346 3420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0346 3420 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0347 3420 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0347 3420 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0348 3420 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0348 3420 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0349 3420 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0349 3420 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0350 3420 MDM ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0350 3420 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0351 3420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0351 3420 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0352 3420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0352 3420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0353 3420 ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0353 3420 ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0355 3420 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

00:56:26.0355 3420 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:56:26.0454 3420 \Device\Harddisk1\DR1\# - copied to quarantine

00:56:26.0454 3420 \Device\Harddisk1\DR1 - copied to quarantine

00:56:26.0455 3420 \Device\Harddisk1\DR1 - processing error

01:02:27.0286 3420 \Device\Harddisk1\DR1 - will be restored on reboot

01:02:27.0286 3420 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore

01:02:28.0018 3420 \Device\Harddisk0\DR0\# - copied to quarantine

01:02:28.0019 3420 \Device\Harddisk0\DR0 - copied to quarantine

01:02:28.0027 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot

01:02:28.0028 3420 \Device\Harddisk0\DR0 - ok

01:02:28.0028 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure

01:02:43.0380 2852 Deinitialize success


That's good news :)

Please do this: (I have to leave the forum for a while, I'll be back later)

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Hi MrC,

I had to uninstall Total Defence as ComboFix wouldn't run with it installed (even after disabling it, it said it was dangerous :o ).

Here is the ComboFix.txt. I am going to bed now (it is just past 2am here), so take your time to respond... Thanks again.

ComboFix 12-06-28.03 - Daniel 01/07/2012 1:45.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1964 [GMT 10:00]

Running from: c:\users\Daniel\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))

.

.

2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Stephanie\AppData\Local\temp

2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-30 15:52 . 2012-06-30 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\temp

2012-06-28 20:58 . 2012-06-28 20:58 -------- d-----w- c:\users\Daniel\AppData\Local\Qurb4

2012-06-28 12:47 . 2011-12-20 07:08 97328 ----a-w- c:\windows\system32\Vetredir.dll

2012-06-28 12:47 . 2011-12-20 07:08 130096 ----a-w- c:\windows\system32\Isafeif.dll

2012-06-28 12:44 . 2012-06-30 15:37 -------- d-----w- c:\windows\rnapxs

2012-06-28 12:44 . 2012-06-28 12:44 -------- d-----w- c:\program files\Common Files\Scanner

2012-06-21 04:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 04:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 04:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 04:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 04:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 04:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 04:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 04:49 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 04:49 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 10:56 . 2012-06-20 10:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\print@camerahouse

2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\programdata\print@camerahouse

2012-06-20 10:55 . 2012-06-20 10:55 -------- d-----w- c:\program files\print@camerahouse

2012-06-14 02:35 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 02:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-14 02:35 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-14 02:35 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 02:35 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 02:35 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 02:35 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 02:35 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 02:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 02:35 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 02:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-10 00:21 . 2012-06-10 00:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-06-10 00:21 . 2012-06-10 00:21 -------- d-----w- c:\program files\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-14 09:32 . 2012-04-10 08:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-14 09:32 . 2011-06-14 09:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]

@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"

[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]

2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-05 594432]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-24 7514656]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]

"ASUS Sync Loader"="c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe" [2012-04-20 638976]

"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PC Probe II V1.04.60.lnk - c:\program files\ASUS\PC Probe II\Probe2.exe [2010-4-24 2142720]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-28 813584]

Philips Device Manager.lnk - c:\program files\Philips\GoGear Mix Device Manager\main.exe [2011-6-29 124816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 02:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 14132;14132;c:\windows\system32\DRIVERS\14132 [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 RDID1104;ME-25;c:\windows\system32\Drivers\rdwm1104.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [x]

S3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\DRIVERS\AVerIR.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:32]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561972997-2194248060-3187249888-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-13 15:25]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: jr.com.au\remote

Trusted Zone: qld.gov.au\citrixgw.treasury

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

Notify-PFW - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Foxtel]

"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\14132]

"ImagePath"="System32\DRIVERS\14132"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a6,ca,e3,fc,dc,07,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,92,2b,e1,a4,cd,22,46,83,da,99,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,92,2b,e1,a4,cd,22,46,83,da,99,\

.

[HKEY_USERS\S-1-5-21-3561972997-2194248060-3187249888-1001\Software\SecuROM\License information*]

"datasecu"=hex:c4,70,b6,32,56,26,5e,e7,fb,c4,1d,70,5b,5f,1c,41,be,c7,5a,d3,c8,

76,db,98,c8,11,2a,23,58,d8,a9,e8,51,2d,f0,8c,28,3f,05,8c,62,fd,34,cd,44,06,\

"rkeysecu"=hex:20,b7,bd,f5,5f,1c,67,ae,50,39,82,4c,f3,1c,b3,69

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4676)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ASUS\AASP\1.00.80\aaCenter.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2012-07-01 02:05:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-30 16:04

.

Pre-Run: 365,051,281,408 bytes free

Post-Run: 366,018,895,872 bytes free

.

- - End Of File - - 57A136B77D4C22DFEBBA3FADF57B0B4D


Hi MrC,

I ran a scan with MBAM, but it never picked anything up the whole time the problem was there (I have it scheduled to update and quick scan daily, with weekly full scans). Here is the MBAM log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Daniel :: OFFICE [administrator]

Protection: Enabled

1/07/2012 9:04:56 AM

mbam-log-2012-07-01 (09-04-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 279951

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi MrC,

The full scan came up with nothing. Is there anything further needed?

With Total Defense and MBAM not picking up the original rootkit, is there any online scanner that I can use to regularly test for these? (Without the ads playing I would have been none the wiser...)

Cheers

Dan


Well, the DDS scan picked it up:

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

and RogueKiller sees it:

¤¤¤ Infection : Root.MBR ¤¤¤

but the key is prevention.

----------------------------------

A little clean up to do....

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

