
infected with Trojan Horse Generic29.AFQ



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jeff C at 9:15:00 on 2012-08-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3581.2605 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Funk Software\Proxy Host\phtray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Documents and Settings\Jeff C\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Nevis Systems\CheckPOP\checkpop.exe

C:\Documents and Settings\Jeff C\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\OUTLOOK EXPRESS\MSIMN.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.bing.com

uSearch Bar = hxxp://www.bing.com/sphome.aspx

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

mSearchAssistant = hxxp://www.bing.com/sphome.aspx

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Akamai NetSession Interface] "c:\documents and settings\jeff c\local settings\application data\akamai\netsession_win.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [ProxyHostTrayIcon] "c:\program files\funk software\proxy host\phtray.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\checkpop.lnk - c:\program files\nevis systems\checkpop\checkpop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325097678890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE} : NameServer = 65.43.19.26,206.141.192.60

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jeff c\application data\mozilla\firefox\profiles\w71w8tnp.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-10-6 24064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-30 250056]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADLTScriptFile

.

=============== Created Last 30 ================

.

2012-07-23 16:40:14 -------- d-----w- c:\program files\MediaFire

2012-07-13 20:25:05 -------- d-----w- c:\documents and settings\jeff c\application data\Malwarebytes

2012-07-13 20:24:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-13 20:24:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-13 20:24:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-08-03 17:38:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 17:38:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 21:08:06 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-07-05 21:08:06 348160 ----a-w- c:\windows\system32\msvcr71.dll

.

============= FINISH: 9:15:21.50 ===============


RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Jeff C [Admin rights]

Mode: Scan -- Date: 08/05/2012 09:17:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE} : NameServer (65.43.19.26,206.141.192.60) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE} : NameServer (65.43.19.26,206.141.192.60) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS +++++

--- User ---

[MBR] d192f7de5bc26586e4692615a8c24809

[bSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 305203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320418AS +++++

--- User ---

[MBR] cc5757a00ca0f3ed30e2c0c31b17b303

[bSP] d41a18f1611c91a26d186101c9518af9 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16065 | Size: 305235 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Sorry, here is the other report from the DDS.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/28/2011 10:16:57 AM

System Uptime: 8/5/2012 6:18:49 AM (3 hours ago)

.

Motherboard: Dell Inc. | | 09KPNV

Processor: Intel® Xeon® CPU W3503 @ 2.40GHz | CPU | 2400/4800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 279.255 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 292.522 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

X: is NetworkDisk (NTFS) - 1373 GiB total, 1358.44 GiB free.

Y: is NetworkDisk (NTFS) - 279 GiB total, 194.328 GiB free.

Z: is NetworkDisk (NTFS) - 15 GiB total, 13.283 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetXtreme 57xx Gigabit Controller

Device ID: PCI\VEN_14E4&DEV_1681&SUBSYS_02931028&REV_10\4&1A60CBFD&0&00E5

Manufacturer: Broadcom

Name: Broadcom NetXtreme 57xx Gigabit Controller

PNP Device ID: PCI\VEN_14E4&DEV_1681&SUBSYS_02931028&REV_10\4&1A60CBFD&0&00E5

Service: b57w2k

.

==== System Restore Points ===================

.

RP164: 5/7/2012 6:48:46 PM - System Checkpoint

RP165: 5/8/2012 7:47:46 PM - System Checkpoint

RP166: 5/9/2012 8:47:46 PM - System Checkpoint

RP167: 5/10/2012 9:46:44 PM - System Checkpoint

RP168: 5/11/2012 10:46:45 PM - System Checkpoint

RP169: 5/12/2012 11:45:44 PM - System Checkpoint

RP170: 5/14/2012 12:45:45 AM - System Checkpoint

RP171: 5/15/2012 1:56:45 AM - System Checkpoint

RP172: 5/16/2012 2:43:43 AM - System Checkpoint

RP173: 5/17/2012 3:42:07 AM - System Checkpoint

RP174: 5/18/2012 3:42:43 AM - System Checkpoint

RP175: 5/19/2012 4:42:43 AM - System Checkpoint

RP176: 5/20/2012 9:25:54 AM - System Checkpoint

RP177: 5/21/2012 9:46:59 AM - System Checkpoint

RP178: 5/22/2012 9:58:15 AM - System Checkpoint

RP179: 5/23/2012 11:58:20 AM - System Checkpoint

RP180: 5/24/2012 12:11:13 PM - System Checkpoint

RP181: 5/25/2012 12:40:48 PM - System Checkpoint

RP182: 5/26/2012 1:39:44 PM - System Checkpoint

RP183: 5/27/2012 2:39:44 PM - System Checkpoint

RP184: 5/28/2012 3:39:44 PM - System Checkpoint

RP185: 5/29/2012 5:46:28 PM - System Checkpoint

RP186: 5/30/2012 5:59:44 PM - System Checkpoint

RP187: 5/31/2012 6:37:42 PM - System Checkpoint

RP188: 6/1/2012 7:37:43 PM - System Checkpoint

RP189: 6/2/2012 8:36:41 PM - System Checkpoint

RP190: 6/3/2012 8:48:42 PM - System Checkpoint

RP191: 6/4/2012 5:56:34 AM - Installed AVG 2012

RP192: 6/5/2012 7:21:13 AM - System Checkpoint

RP193: 6/6/2012 8:19:50 AM - System Checkpoint

RP194: 6/7/2012 10:30:05 AM - System Checkpoint

RP195: 6/8/2012 12:00:00 PM - System Checkpoint

RP196: 6/9/2012 12:33:42 PM - System Checkpoint

RP197: 6/10/2012 1:33:42 PM - System Checkpoint

RP198: 6/11/2012 1:50:32 PM - System Checkpoint

RP199: 6/12/2012 3:13:05 PM - System Checkpoint

RP200: 6/13/2012 4:28:01 PM - System Checkpoint

RP201: 6/14/2012 4:28:56 PM - System Checkpoint

RP202: 6/15/2012 5:07:37 PM - System Checkpoint

RP203: 6/16/2012 5:41:39 PM - System Checkpoint

RP204: 6/17/2012 6:41:39 PM - System Checkpoint

RP205: 6/18/2012 7:28:38 PM - System Checkpoint

RP206: 6/19/2012 8:27:37 PM - System Checkpoint

RP207: 6/20/2012 6:13:20 AM - Removed Microsoft Visual C++ 2005 Redistributable

RP208: 6/21/2012 6:39:38 AM - System Checkpoint

RP209: 6/22/2012 7:26:37 AM - System Checkpoint

RP210: 6/23/2012 8:38:38 AM - System Checkpoint

RP211: 6/24/2012 9:26:38 AM - System Checkpoint

RP212: 6/25/2012 9:57:38 AM - System Checkpoint

RP213: 6/26/2012 11:05:40 AM - System Checkpoint

RP214: 6/27/2012 11:56:38 AM - System Checkpoint

RP215: 6/28/2012 12:12:13 PM - System Checkpoint

RP216: 6/29/2012 12:55:36 PM - System Checkpoint

RP217: 6/30/2012 1:54:35 PM - System Checkpoint

RP218: 7/1/2012 2:53:34 PM - System Checkpoint

RP219: 7/2/2012 3:04:21 PM - System Checkpoint

RP220: 7/3/2012 3:39:29 PM - System Checkpoint

RP221: 7/4/2012 3:51:33 PM - System Checkpoint

RP222: 7/5/2012 4:54:23 PM - System Checkpoint

RP223: 7/6/2012 5:16:35 PM - System Checkpoint

RP224: 7/7/2012 5:49:32 PM - System Checkpoint

RP225: 7/8/2012 6:00:33 PM - System Checkpoint

RP226: 7/9/2012 6:48:32 PM - System Checkpoint

RP227: 7/10/2012 7:47:32 PM - System Checkpoint

RP228: 7/11/2012 8:46:31 PM - System Checkpoint

RP229: 7/12/2012 9:46:31 PM - System Checkpoint

RP230: 7/13/2012 10:45:31 PM - System Checkpoint

RP231: 7/14/2012 10:56:32 PM - System Checkpoint

RP232: 7/15/2012 11:43:30 PM - System Checkpoint

RP233: 7/17/2012 12:43:30 AM - System Checkpoint

RP234: 7/18/2012 1:42:30 AM - System Checkpoint

RP235: 7/19/2012 2:41:30 AM - System Checkpoint

RP236: 7/20/2012 3:40:29 AM - System Checkpoint

RP237: 7/21/2012 4:40:29 AM - System Checkpoint

RP238: 7/22/2012 7:59:42 AM - System Checkpoint

RP239: 7/23/2012 8:07:56 AM - System Checkpoint

RP240: 7/24/2012 8:47:40 AM - System Checkpoint

RP241: 7/24/2012 4:14:49 PM - Software Distribution Service 3.0

RP242: 7/25/2012 4:38:31 PM - System Checkpoint

RP243: 7/26/2012 5:37:26 PM - System Checkpoint

RP244: 7/27/2012 6:49:27 PM - System Checkpoint

RP245: 7/28/2012 7:49:27 PM - System Checkpoint

RP246: 7/29/2012 8:49:27 PM - System Checkpoint

RP247: 7/30/2012 9:36:25 PM - System Checkpoint

RP248: 7/31/2012 10:35:24 PM - System Checkpoint

RP249: 8/1/2012 11:35:24 PM - System Checkpoint

RP250: 8/3/2012 12:34:24 AM - System Checkpoint

RP251: 8/4/2012 1:33:24 AM - System Checkpoint

RP252: 8/5/2012 1:37:03 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Adobe SVG Viewer 3.0

Akamai NetSession Interface

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Control Center

ATI Display Driver

AutoCAD LT 2004

AutoCAD LT 97

Autodesk Architectural 2004 Object Enabler

Autodesk Express Viewer

AVG 2012

BioAPI Framework

Bonjour

Broadcom NetXtreme-I Netlink Driver and Management Installer

CAPS (Partner)

CAPS Reporting Library

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CheckPOP

COMcheck 3.9.0.3 (Current User)

Compatibility Pack for the 2007 Office system

Creative System Information

CutePDF Writer 2.8

DWG TrueView 2010

EPMS 3.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958244)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB968764)

Hotfix for Windows XP (KB969084)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Install Network Printer Wizard

ICP Equipment Selection

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 20

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office XP Small Business

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual J# 2.0 Redistributable Package

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB927977)

Oce WPD

Pandora

PowerDVD DX

Proxy Host

Proxy Master

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

REScheck 4.4.2.2 (Current User)

REScheck 4.4.3.1 (Current User)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Skins

Sound Blaster X-Fi Xtreme Audio

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

UPEK TouchChip Fingerprint Reader

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Presentation Foundation

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows Search 4.0

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


10:03:28.0796 6276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

10:03:29.0062 6276 ============================================================

10:03:29.0062 6276 Current date / time: 2012/08/05 10:03:29.0062

10:03:29.0062 6276 SystemInfo:

10:03:29.0062 6276

10:03:29.0062 6276 OS Version: 5.1.2600 ServicePack: 3.0

10:03:29.0062 6276 Product type: Workstation

10:03:29.0062 6276 ComputerName: JEFF2

10:03:29.0078 6276 UserName: Jeff C

10:03:29.0078 6276 Windows directory: C:\WINDOWS

10:03:29.0078 6276 System windows directory: C:\WINDOWS

10:03:29.0078 6276 Processor architecture: Intel x86

10:03:29.0078 6276 Number of processors: 2

10:03:29.0078 6276 Page size: 0x1000

10:03:29.0078 6276 Boot type: Normal boot

10:03:29.0078 6276 ============================================================

10:03:29.0312 6276 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:03:29.0312 6276 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:03:29.0328 6276 ============================================================

10:03:29.0328 6276 \Device\Harddisk0\DR0:

10:03:29.0328 6276 MBR partitions:

10:03:29.0328 6276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x25419CFC

10:03:29.0328 6276 \Device\Harddisk1\DR1:

10:03:29.0328 6276 MBR partitions:

10:03:29.0328 6276 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x25429800

10:03:29.0328 6276 ============================================================

10:03:29.0328 6276 C: <-> \Device\Harddisk0\DR0\Partition0

10:03:29.0359 6276 D: <-> \Device\Harddisk1\DR1\Partition0

10:03:29.0359 6276 ============================================================

10:03:29.0359 6276 Initialize success

10:03:29.0359 6276 ============================================================

10:03:53.0343 12168 ============================================================

10:03:53.0343 12168 Scan started

10:03:53.0343 12168 Mode: Manual; SigCheck; TDLFS;

10:03:53.0343 12168 ============================================================

10:03:55.0828 12168 Abiosdsk - ok

10:03:55.0859 12168 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:03:56.0046 12168 abp480n5 - ok

10:03:56.0078 12168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:03:56.0140 12168 ACPI - ok

10:03:56.0140 12168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:03:56.0250 12168 ACPIEC - ok

10:03:56.0281 12168 ADIHdAudAddService (053a070bd25649abbbad7862aea051d0) C:\WINDOWS\system32\drivers\ADIHdAud.sys

10:03:56.0312 12168 ADIHdAudAddService - ok

10:03:56.0421 12168 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

10:03:56.0421 12168 AdobeFlashPlayerUpdateSvc - ok

10:03:56.0500 12168 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:03:56.0562 12168 adpu160m - ok

10:03:56.0593 12168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:03:56.0656 12168 aec - ok

10:03:56.0687 12168 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:03:56.0703 12168 AFD - ok

10:03:56.0718 12168 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

10:03:56.0781 12168 agp440 - ok

10:03:56.0781 12168 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:03:56.0875 12168 agpCPQ - ok

10:03:56.0875 12168 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:03:56.0906 12168 Aha154x - ok

10:03:56.0906 12168 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:03:56.0984 12168 aic78u2 - ok

10:03:56.0984 12168 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:03:57.0046 12168 aic78xx - ok

10:03:57.0062 12168 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

10:03:57.0125 12168 Alerter - ok

10:03:57.0140 12168 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

10:03:57.0171 12168 ALG - ok

10:03:57.0171 12168 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:03:57.0234 12168 AliIde - ok

10:03:57.0250 12168 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:03:57.0312 12168 alim1541 - ok

10:03:57.0312 12168 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:03:57.0375 12168 amdagp - ok

10:03:57.0375 12168 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:03:57.0421 12168 amsint - ok

10:03:57.0500 12168 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:03:57.0515 12168 Apple Mobile Device - ok

10:03:57.0531 12168 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

10:03:57.0562 12168 AppMgmt - ok

10:03:57.0562 12168 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:03:57.0640 12168 asc - ok

10:03:57.0656 12168 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:03:57.0671 12168 asc3350p - ok

10:03:57.0687 12168 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:03:57.0750 12168 asc3550 - ok

10:03:57.0812 12168 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

10:03:57.0812 12168 aspnet_state - ok

10:03:57.0828 12168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:03:57.0890 12168 AsyncMac - ok

10:03:57.0906 12168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:03:57.0968 12168 atapi - ok

10:03:57.0968 12168 Atdisk - ok

10:03:58.0109 12168 ati2mtag (257ec6953fc5e03f3fd3ddc722595844) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

10:03:58.0203 12168 ati2mtag - ok

10:03:58.0312 12168 AtiHdmiService (e3b9fe6d478dc12ee9fb5169ee98d1ba) C:\WINDOWS\system32\drivers\AtiHdmi.sys

10:03:58.0328 12168 AtiHdmiService - ok

10:03:58.0375 12168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:03:58.0453 12168 Atmarpc - ok

10:03:58.0468 12168 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

10:03:58.0531 12168 AudioSrv - ok

10:03:58.0546 12168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:03:58.0609 12168 audstub - ok

10:03:58.0812 12168 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

10:03:58.0921 12168 AVGIDSAgent - ok

10:03:59.0031 12168 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

10:03:59.0046 12168 AVGIDSDriver - ok

10:03:59.0078 12168 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

10:03:59.0078 12168 AVGIDSFilter - ok

10:03:59.0093 12168 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys

10:03:59.0093 12168 AVGIDSHX - ok

10:03:59.0109 12168 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

10:03:59.0109 12168 AVGIDSShim - ok

10:03:59.0125 12168 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

10:03:59.0125 12168 Avgldx86 - ok

10:03:59.0140 12168 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

10:03:59.0140 12168 Avgmfx86 - ok

10:03:59.0140 12168 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

10:03:59.0156 12168 Avgrkx86 - ok

10:03:59.0218 12168 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

10:03:59.0234 12168 avgwd - ok

10:03:59.0265 12168 b57w2k (741dfbf3a4dc41a400dbc71199564853) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

10:03:59.0281 12168 b57w2k - ok

10:03:59.0312 12168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:03:59.0375 12168 Beep - ok

10:03:59.0406 12168 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

10:03:59.0484 12168 BITS - ok

10:03:59.0500 12168 Blfp (673c79036ab4a47bb8ad555d84ffe42d) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

10:03:59.0531 12168 Blfp - ok

10:03:59.0578 12168 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

10:03:59.0593 12168 Bonjour Service - ok

10:03:59.0625 12168 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

10:03:59.0687 12168 Browser - ok

10:03:59.0703 12168 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:03:59.0781 12168 cbidf - ok

10:03:59.0781 12168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:03:59.0859 12168 cbidf2k - ok

10:03:59.0859 12168 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:03:59.0906 12168 cd20xrnt - ok

10:03:59.0937 12168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:04:00.0000 12168 Cdaudio - ok

10:04:00.0015 12168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:04:00.0078 12168 Cdfs - ok

10:04:00.0109 12168 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:04:00.0140 12168 Cdrom - ok

10:04:00.0140 12168 Changer - ok

10:04:00.0156 12168 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

10:04:00.0234 12168 CiSvc - ok

10:04:00.0234 12168 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

10:04:00.0312 12168 ClipSrv - ok

10:04:00.0359 12168 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:04:00.0359 12168 clr_optimization_v2.0.50727_32 - ok

10:04:00.0390 12168 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:04:00.0406 12168 clr_optimization_v4.0.30319_32 - ok

10:04:00.0421 12168 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:04:00.0484 12168 CmdIde - ok

10:04:00.0500 12168 COMSysApp - ok

10:04:00.0500 12168 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:04:00.0578 12168 Cpqarray - ok

10:04:00.0593 12168 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

10:04:00.0656 12168 CryptSvc - ok

10:04:00.0671 12168 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:04:00.0734 12168 dac2w2k - ok

10:04:00.0734 12168 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:04:00.0796 12168 dac960nt - ok

10:04:00.0828 12168 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:04:00.0843 12168 DcomLaunch - ok

10:04:00.0875 12168 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

10:04:00.0937 12168 Dhcp - ok

10:04:00.0968 12168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:04:01.0031 12168 Disk - ok

10:04:01.0031 12168 dmadmin - ok

10:04:01.0093 12168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:04:01.0156 12168 dmboot - ok

10:04:01.0171 12168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:04:01.0234 12168 dmio - ok

10:04:01.0250 12168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:04:01.0312 12168 dmload - ok

10:04:01.0312 12168 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

10:04:01.0484 12168 dmserver - ok

10:04:01.0500 12168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:04:01.0578 12168 DMusic - ok

10:04:01.0609 12168 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

10:04:01.0625 12168 Dnscache - ok

10:04:01.0640 12168 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

10:04:01.0703 12168 Dot3svc - ok

10:04:01.0718 12168 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:04:01.0781 12168 dpti2o - ok

10:04:01.0796 12168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:04:01.0859 12168 drmkaud - ok

10:04:01.0890 12168 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

10:04:01.0968 12168 EapHost - ok

10:04:01.0968 12168 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

10:04:02.0046 12168 ERSvc - ok

10:04:02.0078 12168 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:04:02.0093 12168 Eventlog - ok

10:04:02.0093 12168 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

10:04:02.0140 12168 EventSystem - ok

10:04:02.0187 12168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:04:02.0250 12168 Fastfat - ok

10:04:02.0265 12168 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:04:02.0296 12168 FastUserSwitchingCompatibility - ok

10:04:02.0296 12168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

10:04:02.0375 12168 Fdc - ok

10:04:02.0390 12168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:04:02.0453 12168 Fips - ok

10:04:02.0468 12168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

10:04:02.0531 12168 Flpydisk - ok

10:04:02.0546 12168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

10:04:02.0609 12168 FltMgr - ok

10:04:02.0671 12168 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

10:04:02.0687 12168 FontCache3.0.0.0 - ok

10:04:02.0687 12168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:04:02.0750 12168 Fs_Rec - ok

10:04:02.0765 12168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:04:02.0828 12168 Ftdisk - ok

10:04:02.0859 12168 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

10:04:02.0875 12168 GEARAspiWDM - ok

10:04:02.0875 12168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:04:02.0937 12168 Gpc - ok

10:04:02.0953 12168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:04:03.0015 12168 HDAudBus - ok

10:04:03.0078 12168 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

10:04:03.0140 12168 helpsvc - ok

10:04:03.0171 12168 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

10:04:03.0234 12168 HidServ - ok

10:04:03.0250 12168 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:04:03.0312 12168 hidusb - ok

10:04:03.0328 12168 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

10:04:03.0406 12168 hkmsvc - ok

10:04:03.0421 12168 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:04:03.0484 12168 hpn - ok

10:04:03.0515 12168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:04:03.0546 12168 HTTP - ok

10:04:03.0562 12168 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

10:04:03.0640 12168 HTTPFilter - ok

10:04:03.0671 12168 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:04:03.0734 12168 i2omgmt - ok

10:04:03.0750 12168 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:04:03.0812 12168 i2omp - ok

10:04:03.0828 12168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:04:03.0890 12168 i8042prt - ok

10:04:03.0968 12168 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

10:04:03.0984 12168 IAANTMON - ok

10:04:04.0046 12168 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys

10:04:04.0046 12168 iaStor - ok

10:04:04.0140 12168 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:04:04.0171 12168 idsvc - ok

10:04:04.0187 12168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:04:04.0250 12168 Imapi - ok

10:04:04.0281 12168 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

10:04:04.0343 12168 ImapiService - ok

10:04:04.0359 12168 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:04:04.0421 12168 ini910u - ok

10:04:04.0437 12168 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:04:04.0515 12168 IntelIde - ok

10:04:04.0531 12168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:04:04.0593 12168 intelppm - ok

10:04:04.0609 12168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

10:04:04.0671 12168 Ip6Fw - ok

10:04:04.0671 12168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:04:04.0734 12168 IpFilterDriver - ok

10:04:04.0734 12168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:04:04.0796 12168 IpInIp - ok

10:04:04.0812 12168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:04:04.0875 12168 IpNat - ok

10:04:04.0953 12168 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

10:04:04.0968 12168 iPod Service - ok

10:04:05.0000 12168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:04:05.0062 12168 IPSec - ok

10:04:05.0062 12168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:04:05.0093 12168 IRENUM - ok

10:04:05.0125 12168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:04:05.0187 12168 isapnp - ok

10:04:05.0218 12168 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe

10:04:05.0218 12168 JavaQuickStarterService - ok

10:04:05.0234 12168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:04:05.0296 12168 Kbdclass - ok

10:04:05.0312 12168 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:04:05.0375 12168 kbdhid - ok

10:04:05.0406 12168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:04:05.0468 12168 kmixer - ok

10:04:05.0484 12168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:04:05.0531 12168 KSecDD - ok

10:04:05.0562 12168 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

10:04:05.0578 12168 LanmanServer - ok

10:04:05.0609 12168 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

10:04:05.0625 12168 lanmanworkstation - ok

10:04:05.0625 12168 lbrtfdc - ok

10:04:05.0656 12168 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

10:04:05.0703 12168 LmHosts - ok

10:04:05.0734 12168 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

10:04:05.0796 12168 Messenger - ok

10:04:05.0812 12168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:04:05.0875 12168 mnmdd - ok

10:04:05.0906 12168 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

10:04:05.0984 12168 mnmsrvc - ok

10:04:06.0000 12168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:04:06.0062 12168 Modem - ok

10:04:06.0078 12168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:04:06.0140 12168 Mouclass - ok

10:04:06.0140 12168 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:04:06.0218 12168 mouhid - ok

10:04:06.0234 12168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:04:06.0296 12168 MountMgr - ok

10:04:06.0296 12168 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:04:06.0359 12168 mraid35x - ok

10:04:06.0375 12168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:04:06.0437 12168 MRxDAV - ok

10:04:06.0484 12168 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:04:06.0500 12168 MRxSmb - ok

10:04:06.0531 12168 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

10:04:06.0578 12168 MSDTC - ok

10:04:06.0593 12168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:04:06.0656 12168 Msfs - ok

10:04:06.0656 12168 MSIServer - ok

10:04:06.0671 12168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:04:06.0734 12168 MSKSSRV - ok

10:04:06.0750 12168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:04:06.0812 12168 MSPCLOCK - ok

10:04:06.0812 12168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:04:06.0859 12168 MSPQM - ok

10:04:06.0875 12168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:04:06.0937 12168 mssmbios - ok

10:04:06.0953 12168 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:04:06.0968 12168 Mup - ok

10:04:06.0984 12168 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

10:04:07.0046 12168 napagent - ok

10:04:07.0062 12168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:04:07.0125 12168 NDIS - ok

10:04:07.0140 12168 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:04:07.0140 12168 NdisTapi - ok

10:04:07.0156 12168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:04:07.0203 12168 Ndisuio - ok

10:04:07.0218 12168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:04:07.0281 12168 NdisWan - ok

10:04:07.0296 12168 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:04:07.0296 12168 NDProxy - ok

10:04:07.0312 12168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:04:07.0390 12168 NetBIOS - ok

10:04:07.0406 12168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:04:07.0468 12168 NetBT - ok

10:04:07.0500 12168 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:04:07.0562 12168 NetDDE - ok

10:04:07.0562 12168 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:04:07.0625 12168 NetDDEdsdm - ok

10:04:07.0656 12168 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:04:07.0718 12168 Netlogon - ok

10:04:07.0718 12168 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

10:04:07.0781 12168 Netman - ok

10:04:07.0843 12168 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

10:04:07.0859 12168 NetTcpPortSharing - ok

10:04:07.0890 12168 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

10:04:07.0890 12168 Nla - ok

10:04:07.0921 12168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:04:07.0984 12168 Npfs - ok

10:04:08.0046 12168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:04:08.0125 12168 Ntfs - ok

10:04:08.0125 12168 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:04:08.0187 12168 NtLmSsp - ok

10:04:08.0203 12168 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

10:04:08.0265 12168 NtmsSvc - ok

10:04:08.0281 12168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:04:08.0359 12168 Null - ok

10:04:08.0375 12168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:04:08.0437 12168 NwlnkFlt - ok

10:04:08.0437 12168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:04:08.0515 12168 NwlnkFwd - ok

10:04:08.0578 12168 P17 (576b19c67e792c2545336ccc4e080ea3) C:\WINDOWS\system32\drivers\P17.sys

10:04:08.0734 12168 P17 - ok

10:04:08.0781 12168 P17xfi (230780e5ace287e0a550a523d494b3d0) C:\WINDOWS\system32\drivers\P17xfi.sys

10:04:08.0812 12168 P17xfi - ok

10:04:08.0890 12168 p17xfilt (13229088b5fac03fdf1dd72f114618b6) C:\WINDOWS\system32\drivers\p17xfilt.sys

10:04:08.0921 12168 p17xfilt - ok

10:04:09.0015 12168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:04:09.0125 12168 Parport - ok

10:04:09.0140 12168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:04:09.0203 12168 PartMgr - ok

10:04:09.0218 12168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:04:09.0281 12168 ParVdm - ok

10:04:09.0281 12168 PBADRV - ok

10:04:09.0281 12168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:04:09.0375 12168 PCI - ok

10:04:09.0375 12168 PCIDump - ok

10:04:09.0375 12168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:04:09.0437 12168 PCIIde - ok

10:04:09.0437 12168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:04:09.0500 12168 Pcmcia - ok

10:04:09.0500 12168 PDCOMP - ok

10:04:09.0500 12168 PDFRAME - ok

10:04:09.0515 12168 PDRELI - ok

10:04:09.0515 12168 PDRFRAME - ok

10:04:09.0515 12168 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:04:09.0578 12168 perc2 - ok

10:04:09.0578 12168 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:04:09.0640 12168 perc2hib - ok

10:04:09.0671 12168 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:04:09.0687 12168 PlugPlay - ok

10:04:09.0687 12168 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:04:09.0750 12168 PolicyAgent - ok

10:04:09.0750 12168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:04:09.0812 12168 PptpMiniport - ok

10:04:09.0812 12168 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:04:09.0875 12168 ProtectedStorage - ok

10:04:09.0906 12168 ProxyHostDriver (89204c087201667469b5c68a48e00eb6) C:\WINDOWS\system32\Drivers\PHW2KSYS.SYS

10:04:09.0906 12168 ProxyHostDriver - ok

10:04:09.0921 12168 ProxyHostMirrorDisplay (f4e493b2a920681f260627590343de1f) C:\WINDOWS\system32\Drivers\phmmini.sys

10:04:09.0921 12168 ProxyHostMirrorDisplay - ok

10:04:09.0984 12168 ProxyHostService (c6d13ca8220c4b07fb72b186a1a22f7e) C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE

10:04:09.0984 12168 ProxyHostService - ok

10:04:10.0000 12168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:04:10.0062 12168 PSched - ok

10:04:10.0062 12168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:04:10.0125 12168 Ptilink - ok

10:04:10.0140 12168 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:04:10.0203 12168 ql1080 - ok

10:04:10.0203 12168 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:04:10.0265 12168 Ql10wnt - ok

10:04:10.0265 12168 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:04:10.0328 12168 ql12160 - ok

10:04:10.0328 12168 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:04:10.0406 12168 ql1240 - ok

10:04:10.0406 12168 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:04:10.0468 12168 ql1280 - ok

10:04:10.0468 12168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:04:10.0531 12168 RasAcd - ok

10:04:10.0546 12168 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

10:04:10.0609 12168 RasAuto - ok

10:04:10.0625 12168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:04:10.0687 12168 Rasl2tp - ok

10:04:10.0703 12168 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

10:04:10.0765 12168 RasMan - ok

10:04:10.0765 12168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:04:10.0828 12168 RasPppoe - ok

10:04:10.0828 12168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:04:10.0890 12168 Raspti - ok

10:04:10.0890 12168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:04:10.0953 12168 Rdbss - ok

10:04:10.0953 12168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:04:11.0015 12168 RDPCDD - ok

10:04:11.0031 12168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:04:11.0093 12168 rdpdr - ok

10:04:11.0125 12168 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

10:04:11.0156 12168 RDPWD - ok

10:04:17.0156 12168 ============================================================

10:04:17.0156 12168 Scan finished

10:04:17.0156 12168 ============================================================

10:04:17.0265 12148 Detected object count: 0

10:04:17.0265 12148 Actual detected object count: 0

10:05:10.0046 4204 Deinitialize success


That was clean...please do this >>>>>

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-05.02 - Jeff C 08/05/2012 10:43:01.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3581.2875 [GMT -5:00]

Running from: c:\documents and settings\Jeff C\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\4XK84Wle.exe

c:\documents and settings\Jeff C\WINDOWS

c:\windows\system32\OLD3D.tmp

c:\windows\system32\test

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At12.job

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-07-23 16:40 . 2012-07-23 16:40 -------- d-----w- c:\program files\MediaFire

2012-07-13 20:25 . 2012-07-13 20:25 -------- d-----w- c:\documents and settings\Jeff C\Application Data\Malwarebytes

2012-07-13 20:24 . 2012-07-13 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-13 20:24 . 2012-07-13 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-13 20:24 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 17:38 . 2012-04-30 12:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 17:38 . 2012-03-18 13:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-05 21:08 . 2006-08-14 15:02 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-07-05 21:08 . 2006-08-14 15:02 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-03-16 14:26 . 2011-12-28 18:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\documents and settings\Jeff C\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-19 1044480]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-28 98304]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"ProxyHostTrayIcon"="c:\program files\Funk Software\Proxy Host\phtray.exe" [2004-02-17 230544]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]

"P17Helper"="SPIRun.dll" [2006-07-03 10752]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-05 296096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

CheckPOP.lnk - c:\program files\Nevis Systems\CheckPOP\checkpop.exe [2011-12-28 151040]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"1058:TCP"= 1058:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [10/6/2010 1:00 PM 24064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 235216]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 193288]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/30/2012 7:50 AM 250056]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 17:38]

.

2012-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1972552254-1182627830-1134659672-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]

.

2012-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1972552254-1182627830-1134659672-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE}: NameServer = 65.43.19.26,206.141.192.60

FF - ProfilePath - c:\documents and settings\Jeff C\Application Data\Mozilla\Firefox\Profiles\w71w8tnp.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

.

------- File Associations -------

.

.scr=AutoCADLTScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Explorer_Run-39971 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msayaue.com

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-05 10:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(976)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Completion time: 2012-08-05 10:53:00

ComboFix-quarantined-files.txt 2012-08-05 15:52

.

Pre-Run: 299,723,149,312 bytes free

Post-Run: 300,801,806,336 bytes free

.

- - End Of File - - 87B17E21AD8E93FA70270974E01D52DC


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.05.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jeff C :: JEFF2 [administrator]

8/5/2012 11:31:19 AM

mbam-log-2012-08-05 (11-31-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207938

Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|39971 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msayaue.com -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Rebooting computer now as directed


FYI, I am seeing lots of "red X's" on most every website I go to including this one. I think those are photos that are not being loaded.

FYI, the background ads I was dealing with seem to be gone now; however, here is the latest Rogue scan

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Jeff C [Admin rights]

Mode: Scan -- Date: 08/05/2012 11:39:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE} : NameServer (65.43.19.26,206.141.192.60) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{9C5A8602-80C1-4377-95F5-4B69097214DE} : NameServer (65.43.19.26,206.141.192.60) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS +++++

--- User ---

[MBR] d192f7de5bc26586e4692615a8c24809

[bSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 305203 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320418AS +++++

--- User ---

[MBR] cc5757a00ca0f3ed30e2c0c31b17b303

[bSP] d41a18f1611c91a26d186101c9518af9 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16065 | Size: 305235 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


No, don't delete anything unless I instruct you, those items in RogueKiller are GOOD!!

--------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\documents and settings\All Users\Local Settings\temp\msayaue.com
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "39971"=-
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


still have the "red x's"

All processes killed

========== FILES ==========

File\Folder c:\documents and settings\All Users\Local Settings\temp\msayaue.com not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\39971 not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jeff C

->Java cache emptied: 160437 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

->Temp folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 56478 bytes

User: Jeff C

->Temp folder emptied: 899008 bytes

->Temporary Internet Files folder emptied: 20669200 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 1087279829 bytes

->Flash cache emptied: 506 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 5319 bytes

Total Files Cleaned = 1,058.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_121028


updated, scanned

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.05.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jeff C :: JEFF2 [administrator]

8/5/2012 12:28:34 PM

mbam-log-2012-08-05 (12-28-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208154

Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.