I removed Windows Antivirus Release, please review my DDS log to verify I'm clean


I removed Windows Antivirus Release, please review my DDS log to verify I'm clean. Thank you for your time. dds and attach below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Char at 13:40:28 on 2012-08-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1487 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\TeamViewer\Version7\tv_w32.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe

c:\program files\teamviewer\version7\TeamViewer_Desktop.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Google Update] "c:\documents and settings\char\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"

StartupFolder: c:\docume~1\char\startm~1\programs\startup\memeoa~1.lnk - c:\documents and settings\char\application data\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341965725196

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342018473515

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FDE19266-FE4E-47B7-BB64-10ED2D9CFBF4} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-6-18 394712]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-6-19 777728]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-8-24 430136]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-16 2673064]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-10 250056]

S3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-8-9 27424]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-8 32072]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2012-08-09 20:26:35 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-08-09 20:19:33 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2012-08-09 20:19:33 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2012-08-09 20:19:27 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys

2012-08-09 20:19:27 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2012-08-09 20:19:17 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys

2012-08-09 20:19:17 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys

2012-08-09 18:29:59 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-09 18:24:43 -------- d-----w- c:\program files\HitmanPro

2012-08-09 18:24:39 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-08-09 17:33:27 -------- d-----w- c:\windows\pss

2012-08-09 17:25:37 -------- d-----w- C:\temp

2012-08-09 17:11:09 -------- d-----w- C:\AV scan logs

2012-08-09 17:11:06 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9413591-7960-4a3c-84c8-27b968b90545}\mpengine.dll

2012-08-09 16:12:53 -------- d-----w- c:\documents and settings\char\application data\Malwarebytes

2012-08-09 03:58:44 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-08 13:20:51 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-01 15:05:44 -------- d-----w- c:\documents and settings\char\local settings\application data\Ilivid Player

2012-08-01 15:03:02 -------- d-----w- c:\program files\Conduit

2012-08-01 15:02:58 -------- d-----w- c:\documents and settings\char\local settings\application data\Conduit

2012-07-30 17:58:06 -------- d-----w- c:\documents and settings\all users\application data\Garmin

2012-07-30 17:49:15 -------- d-----w- c:\documents and settings\char\application data\Garmin

2012-07-30 17:48:18 -------- d-----w- c:\program files\Garmin

2012-07-23 21:41:15 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-07-23 21:40:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-07-23 21:38:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-07-23 15:08:30 -------- d-----w- c:\documents and settings\all users\Kodak

2012-07-20 01:44:01 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2012-07-20 01:44:00 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2012-07-20 01:44:00 465920 ------w- c:\windows\system32\imapi2fs.dll

2012-07-20 01:43:59 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2012-07-20 01:43:59 317952 ------w- c:\windows\system32\imapi2.dll

2012-07-20 00:35:47 -------- d-----w- c:\program files\MSXML 4.0

2012-07-20 00:35:32 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-07-20 00:35:01 -------- d-----w- c:\windows\Logs

2012-07-20 00:33:06 -------- d-----w- c:\program files\Sony

2012-07-20 00:33:05 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation

2012-07-19 20:11:59 -------- d-----w- c:\documents and settings\char\local settings\application data\Temp

2012-07-19 20:11:59 -------- d-----w- c:\documents and settings\char\local settings\application data\Adobe

2012-07-19 15:09:19 -------- d-----w- c:\program files\NetViewer

2012-07-15 15:00:54 -------- d-----w- c:\documents and settings\char\application data\Windows Search

2012-07-15 01:58:31 -------- d-----w- c:\documents and settings\char\local settings\application data\Identities

2012-07-15 01:58:27 -------- d-----w- c:\documents and settings\char\application data\Windows Desktop Search

2012-07-15 01:54:36 73728 ----a-r- c:\documents and settings\char\application data\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut6_6EA2867D4E8340A5A3471FF71A363544.exe

2012-07-15 01:54:36 73728 ----a-r- c:\documents and settings\char\application data\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe

2012-07-15 01:54:36 73728 ----a-r- c:\documents and settings\char\application data\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe

2012-07-15 01:54:32 -------- d-----w- c:\program files\common files\eSellerate

2012-07-15 01:54:24 -------- d-----w- c:\program files\Memeo

2012-07-15 01:54:18 -------- d-s---w- c:\documents and settings\char\local settings\application data\Memeo

2012-07-15 01:54:18 -------- d-s---w- c:\documents and settings\all users\application data\Memeo

2012-07-15 01:54:08 -------- d-----w- c:\documents and settings\char\local settings\application data\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

2012-07-15 01:52:33 -------- d-----w- c:\program files\Windows Desktop Search

2012-07-15 01:52:30 -------- d-----w- c:\windows\system32\GroupPolicy

2012-07-15 01:50:55 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-07-15 01:50:55 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-07-15 01:50:54 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-07-15 01:44:37 40960 ----a-r- c:\documents and settings\char\application data\microsoft\installer\{0ab76f69-e761-4cfa-b9b0-a1906b4e9e4b}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe

2012-07-15 01:44:36 -------- d-----w- c:\program files\Western Digital Technologies

2012-07-15 00:43:59 -------- d-----w- c:\documents and settings\char\application data\Scooter Software

2012-07-15 00:43:45 -------- d-----w- c:\program files\Beyond Compare 3

2012-07-12 17:54:08 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-11 15:32:39 -------- d-----w- c:\documents and settings\all users\Microsoft

2012-07-11 15:30:02 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-07-11 15:29:50 -------- d-----w- c:\windows\SHELLNEW

2012-07-11 15:29:22 -------- d-----w- c:\documents and settings\char\local settings\application data\Microsoft Help

2012-07-11 15:12:53 -------- d-----w- c:\windows\system32\XPSViewer

2012-07-11 15:12:22 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-07-11 15:11:04 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-07-11 15:11:04 117760 ------w- c:\windows\system32\prntvpt.dll

2012-07-11 15:11:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-07-11 15:11:03 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-07-11 15:11:02 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-07-11 15:11:02 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-07-11 15:11:01 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-07-11 15:11:01 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-07-11 14:34:10 -------- d-----w- c:\documents and settings\char\local settings\application data\MicrosoftStore

2012-07-11 14:31:34 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-07-11 14:31:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-07-11 09:43:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2012-07-11 06:53:45 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-07-11 06:53:45 222448 ----a-w- c:\windows\system32\muweb.dll

2012-07-11 06:53:45 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-07-11 05:33:11 -------- d-----w- c:\windows\ie8updates

2012-07-11 05:22:31 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-07-11 05:22:26 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2012-07-11 05:22:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-07-11 05:22:25 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2012-07-11 05:22:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-07-11 05:22:24 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-07-11 05:22:24 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2012-07-11 05:22:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-07-11 05:19:48 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-07-11 05:19:48 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-11 05:15:57 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2012-07-11 05:15:47 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-07-11 05:15:21 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-07-11 05:13:09 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-07-11 05:12:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-07-11 05:12:51 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2012-07-11 05:12:37 978944 -c--a-w- c:\windows\system32\dllcache\mfc42.dll

2012-07-11 05:12:37 978944 ----a-w- c:\windows\system32\mfc42.dll

2012-07-11 05:12:37 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-07-11 05:12:10 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-07-11 05:11:33 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2012-07-11 05:11:09 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2012-07-11 05:09:08 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2012-07-11 05:09:08 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2012-07-11 05:07:23 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2012-07-11 05:05:08 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2012-07-11 05:05:08 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2012-07-11 05:05:07 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2012-07-11 05:05:07 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2012-07-11 05:05:07 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2012-07-11 05:05:07 110592 -c----w- c:\windows\system32\dllcache\services.exe

2012-07-11 05:05:06 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2012-07-11 05:05:06 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2012-07-11 05:05:06 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2012-07-11 05:05:05 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-07-11 05:05:05 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2012-07-11 05:05:04 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2012-07-11 05:04:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2012-07-11 05:04:42 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2012-07-11 05:04:26 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2012-07-11 05:04:18 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2012-07-11 05:03:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2012-07-11 05:03:24 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2012-07-11 05:02:46 -------- d-----w- c:\windows\system32\PreInstall

2012-07-11 05:00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-07-11 05:00:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-07-11 05:00:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-07-11 05:00:22 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-07-11 05:00:22 -------- d-----w- c:\windows\system32\SoftwareDistribution

2012-07-11 04:49:59 650752 ------w- c:\windows\system32\dot3ui.dll

2012-07-11 04:41:16 -------- d-----w- c:\windows\ServicePackFiles

2012-07-11 04:32:15 19569 ----a-w- c:\windows\003303_.tmp

2012-07-11 03:35:03 53248 ----a-w- c:\windows\system32\CSVer.dll

2012-07-11 03:32:41 -------- d-----w- c:\documents and settings\char\local settings\application data\Eastman_Kodak_Company

2012-07-11 03:31:47 -------- d-----w- C:\Intel

2012-07-11 03:29:38 -------- d-----w- c:\documents and settings\char\local settings\application data\Eastman Kodak Company

2012-07-11 03:28:33 -------- d-----w- c:\windows\system32\kodak

2012-07-11 03:27:03 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll

2012-07-11 03:27:03 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll

2012-07-11 03:27:03 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll

2012-07-11 03:26:02 -------- d-----w- c:\program files\Kodak

2012-07-11 03:25:49 -------- d-----w- c:\program files\MSXML 6.0

2012-07-11 03:19:07 -------- d-----w- c:\documents and settings\char\application data\Temp

2012-07-11 03:19:06 -------- d-----w- c:\documents and settings\all users\application data\Kodak

2012-07-11 03:08:05 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2012-07-11 03:08:05 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys

2012-07-11 03:07:56 -------- d-----w- c:\program files\CONEXANT

2012-07-11 03:07:51 90112 ----a-w- c:\windows\system32\mdmxsdk.dll

2012-07-11 03:07:51 680704 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys

2012-07-11 03:07:51 32218 ----a-w- c:\windows\system32\HSFCI008.dll

2012-07-11 03:07:51 212224 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys

2012-07-11 03:07:51 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys

2012-07-11 03:07:51 1042432 ----a-w- c:\windows\system32\drivers\HSF_DP.sys

2012-07-11 03:07:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2012-07-11 03:07:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2012-07-11 03:07:10 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2012-07-11 03:07:01 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2012-07-11 03:05:56 172032 ----a-w- c:\windows\system32\stacapi.dll

2012-07-11 03:05:56 1047816 ----a-w- c:\windows\system32\drivers\sthda.sys

2012-07-11 03:05:55 -------- d-----w- c:\program files\SigmaTel

2012-07-11 03:05:51 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2012-07-11 03:05:51 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll

2012-07-11 03:05:50 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll

2012-07-11 03:05:50 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll

2012-07-11 03:05:50 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe

2012-07-11 03:05:50 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll

2012-07-11 03:05:49 303104 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll

2012-07-11 03:05:49 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll

2012-07-11 02:48:52 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-07-11 02:48:46 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-07-11 02:48:42 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-07-11 02:48:25 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2012-07-11 02:48:22 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-07-11 02:48:20 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2012-07-11 02:48:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2012-07-11 02:46:56 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys

2012-07-11 02:46:53 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2012-07-11 02:46:50 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys

2012-07-11 02:46:44 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys

2012-07-11 02:46:39 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2012-07-11 02:46:34 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2012-07-11 02:46:31 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2012-07-11 02:46:27 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2012-07-11 02:46:18 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2012-07-11 02:46:14 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2012-07-11 02:46:10 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2012-07-11 02:46:07 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2012-07-11 02:46:03 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2012-07-11 02:44:55 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2012-07-11 02:44:43 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2012-07-11 02:44:40 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2012-07-11 02:44:36 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2012-07-11 02:44:33 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2012-07-11 02:44:29 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2012-07-11 02:44:26 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2012-07-11 02:44:22 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2012-07-11 02:44:19 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2012-07-11 02:44:15 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2012-07-11 02:44:06 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2012-07-11 02:44:03 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2012-07-11 02:42:59 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2012-07-11 02:41:57 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2012-07-11 02:40:57 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll

2012-07-11 02:39:58 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2012-07-11 02:38:57 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll

2012-07-11 02:37:57 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2012-07-11 02:36:57 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys

2012-07-11 02:36:53 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll

2012-07-11 02:36:49 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll

2012-07-11 02:36:46 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys

2012-07-11 02:36:38 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys

2012-07-11 02:36:32 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys

2012-07-11 02:36:23 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll

2012-07-11 02:36:19 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys

2012-07-11 02:36:16 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys

2012-07-11 02:36:13 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys

2012-07-11 02:36:11 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys

2012-07-11 02:36:08 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll

2012-07-11 02:34:58 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

2012-07-11 02:33:52 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2012-07-11 02:32:59 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2012-07-11 02:32:58 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys

2012-07-11 02:32:56 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys

2012-07-11 02:32:55 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys

2012-07-11 02:32:43 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2012-07-11 02:32:31 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2012-07-11 02:32:16 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2012-07-11 02:32:13 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2012-07-11 02:32:03 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2012-07-11 02:31:34 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2012-07-11 02:31:28 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2012-07-11 02:31:26 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2012-07-11 02:31:21 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2012-07-11 02:31:18 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2012-07-11 02:31:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys

2012-07-11 02:31:05 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys

2012-07-11 02:31:01 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2012-07-11 02:29:47 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2012-07-11 02:29:44 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2012-07-11 02:29:29 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2012-07-11 02:29:27 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2012-07-11 02:29:25 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2012-07-11 02:29:19 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2012-07-11 02:29:17 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2012-07-11 02:29:14 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2012-07-11 02:29:06 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2012-07-11 02:29:03 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2012-07-11 02:29:01 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2012-07-11 02:27:59 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2012-07-11 02:26:57 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys

2012-07-11 02:25:56 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys

2012-07-11 02:24:58 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys

2012-07-11 02:23:59 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys

2012-07-11 02:22:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2012-07-11 02:21:57 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys

2012-07-11 02:20:53 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys

2012-07-11 02:19:58 41472 -c--a-w- c:\windows\system32\dllcache\brmfusb.dll

2012-07-11 02:18:57 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys

2012-07-11 02:17:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-07-11 02:07:17 -------- d-sh--w- c:\documents and settings\char\IECompatCache

2012-07-11 02:06:15 -------- d-sh--w- c:\documents and settings\char\PrivacIE

2012-07-11 02:05:30 -------- d-sh--w- c:\documents and settings\char\IETldCache

2012-07-11 01:58:37 -------- dc-h--w- c:\windows\ie8

2012-07-11 01:13:55 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-11 01:13:19 -------- d--h--w- c:\windows\$hf_mig$

2012-07-11 01:12:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 01:12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 01:12:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-11 01:09:39 -------- d-----w- c:\program files\VideoLAN

2012-07-11 01:09:08 -------- d-----w- c:\windows\system32\Adobe

2012-07-11 01:08:54 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-11 01:08:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-11 01:08:54 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-11 01:08:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 01:08:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 01:07:50 -------- d-----w- c:\documents and settings\char\local settings\application data\Google

2012-07-11 01:02:52 876544 ----a-w- c:\windows\system32\TEACico2.dll

2012-07-11 00:13:02 -------- d-sh--w- c:\documents and settings\char\UserData

2012-07-11 00:11:08 -------- d-----w- c:\documents and settings\char\temp

2012-07-11 00:11:07 -------- d-----w- c:\documents and settings\char\application data\TeamViewer

2012-07-11 00:11:03 -------- d-----w- c:\program files\TeamViewer

2012-07-11 00:08:01 36864 ----a-w- c:\windows\system32\e100bmsg.dll

2012-07-11 00:08:01 19456 ----a-w- c:\windows\system32\IntelNic.dll

2012-07-11 00:08:01 155648 -c--a-w- c:\windows\system32\dllcache\e100b325.sys

2012-07-11 00:08:01 155648 ----a-w- c:\windows\system32\drivers\e100b325.sys

2012-07-11 00:08:01 126976 ----a-w- c:\windows\system32\Prounstl.exe

2012-07-11 00:08:01 -------- d-----w- C:\drvrtmp

2012-07-11 00:01:46 -------- d-----w- c:\windows\system32\vmm32

2012-07-11 00:01:44 -------- d-----w- c:\program files\Dell

.

==================== Find3M ====================

.

2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-11 18:42:54 323624 ----a-w- c:\windows\system32\wiaaut.dll

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 13:41:55.59 ===============


.attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/10/2012 4:32:36 PM

System Uptime: 8/9/2012 1:33:29 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 79.25 GiB free.

D: is Removable

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

J: is FIXED (FAT32) - 596 GiB total, 450.151 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP85: 8/9/2012 12:15:04 PM - System Checkpoint

RP86: 8/9/2012 12:16:05 PM - Cleaned

.

==== Installed Programs ======================

.

32 bit Windows Card Reader Driver

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

aioprnt

aioscnnr

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Beyond Compare Version 3.3.4

C4USelfUpdater

center

Conexant D850 56K V.9x DFVc Modem

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

ESPNMotion

essentials

Garmin Lifetime Updater

GemMaster Mystic

Google Chrome

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Intel® PRO Network Connections Drivers

Java Auto Updater

Java 6 Update 33

Kodak AIO Printer

KODAK AiO Software

Malwarebytes Anti-Malware version 1.62.0.1300

Memeo AutoBackup

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 14

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 6.0 Parser

NetViewer 1.2.7.239

ocr

Otto

PMB

PreReq

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SigmaTel Audio

Sonic Encoders

swMSM

TeamViewer 7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows XP (KB2345886)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VLC media player 2.0.2

WD Diagnostics

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 9:58:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

8/9/2012 9:18:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/9/2012 9:08:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter

8/9/2012 9:07:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/9/2012 9:00:23 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Char :: CHARLENE-8AB23C [administrator]

8/9/2012 6:51:59 PM

mbam-log-2012-08-09 (18-51-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184039

Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


and the combo fix....

ComboFix 12-08-09.01 - Char 08/09/2012 19:40:03.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1524 [GMT -7:00]

Running from: c:\temp\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Char\Application Data\result.db

c:\documents and settings\Default User\Application Data\DPInst.exe

c:\documents and settings\Default User\Application Data\gacutil.exe

c:\documents and settings\Default User\Application Data\PnPutil.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-09 22:34 . 2012-08-09 22:34 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\PowerPanel Personal Edition

2012-08-09 22:34 . 2012-08-10 02:33 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition

2012-08-09 21:04 . 2012-08-09 21:04 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9413591-7960-4A3C-84C8-27B968B90545}\offreg.dll

2012-08-09 20:41 . 2012-08-09 20:41 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9413591-7960-4A3C-84C8-27B968B90545}\MpKslf1432dfe.sys

2012-08-09 20:19 . 2008-04-14 07:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2012-08-09 20:19 . 2008-04-14 07:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2012-08-09 20:19 . 2008-04-14 07:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys

2012-08-09 20:19 . 2008-04-14 07:06 14208 ----a-w- c:\windows\system32\drivers\battc.sys

2012-08-09 20:19 . 2008-04-14 07:06 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys

2012-08-09 20:19 . 2008-04-14 07:06 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys

2012-08-09 18:29 . 2012-08-09 18:29 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-09 18:24 . 2012-08-09 18:24 -------- d-----w- c:\program files\HitmanPro

2012-08-09 18:24 . 2012-08-09 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-08-09 17:25 . 2012-08-10 02:04 -------- d-----w- C:\temp

2012-08-09 17:11 . 2012-08-09 21:18 -------- d-----w- C:\AV scan logs

2012-08-09 17:11 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9413591-7960-4A3C-84C8-27B968B90545}\mpengine.dll

2012-08-09 16:12 . 2012-08-09 16:12 -------- d-----w- c:\documents and settings\Char\Application Data\Malwarebytes

2012-08-09 03:58 . 2012-08-09 04:00 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-08 13:20 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-02 19:56 . 2012-08-02 19:56 -------- d-----w- c:\windows\Sun

2012-08-01 15:05 . 2012-08-01 15:05 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Ilivid Player

2012-08-01 15:03 . 2012-08-01 15:03 -------- d-----w- c:\program files\Conduit

2012-08-01 15:02 . 2012-08-09 17:18 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Conduit

2012-07-30 17:58 . 2012-07-30 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Garmin

2012-07-30 17:49 . 2012-07-30 17:49 -------- d-----w- c:\documents and settings\Char\Application Data\Garmin

2012-07-30 17:48 . 2012-07-30 17:48 -------- d-----w- c:\program files\Garmin

2012-07-24 10:04 . 2012-07-24 10:04 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2012-07-24 03:18 . 2012-08-09 22:21 -------- d-----w- c:\documents and settings\Char\Application Data\vlc

2012-07-23 21:41 . 2012-07-23 21:41 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-07-23 21:40 . 2012-07-23 21:40 -------- d-----w- c:\program files\Microsoft Sync Framework

2012-07-23 21:40 . 2012-07-23 21:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-07-23 21:38 . 2012-07-23 21:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-07-23 15:12 . 2012-07-23 15:12 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Eastman_Kodak_Company

2012-07-23 15:08 . 2012-07-23 15:08 -------- d-----w- c:\documents and settings\All Users\Kodak

2012-07-23 15:05 . 2012-07-23 15:05 -------- d-----w- c:\documents and settings\Default User\Application Data\KODAK AiO Home Center1618960531

2012-07-23 15:05 . 2012-07-23 15:05 -------- d-----w- c:\documents and settings\Default User\Application Data\Temp

2012-07-23 15:04 . 2012-07-23 15:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center1750761374

2012-07-22 04:12 . 2012-07-22 04:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center1990432752

2012-07-21 04:08 . 2012-07-21 04:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center333321269

2012-07-20 01:44 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2012-07-20 01:44 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2012-07-20 01:44 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2012-07-20 01:43 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2012-07-20 01:43 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2012-07-20 00:36 . 2012-07-20 00:36 -------- d-----w- c:\documents and settings\Char\Application Data\Sony Corporation

2012-07-20 00:35 . 2012-07-20 00:35 -------- d-----w- c:\program files\MSXML 4.0

2012-07-20 00:35 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-07-20 00:35 . 2012-07-20 00:35 -------- d-----w- c:\windows\Logs

2012-07-20 00:33 . 2012-07-20 00:33 -------- d-----w- c:\program files\Sony

2012-07-20 00:33 . 2012-07-20 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2012-07-19 20:11 . 2012-08-01 15:02 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Temp

2012-07-19 20:11 . 2012-07-19 20:11 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Adobe

2012-07-19 15:09 . 2012-07-19 15:09 -------- d-----w- c:\program files\NetViewer

2012-07-15 15:00 . 2012-07-15 15:00 -------- d-----w- c:\documents and settings\Char\Application Data\Windows Search

2012-07-15 01:58 . 2012-07-15 01:58 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Identities

2012-07-15 01:58 . 2012-07-15 01:58 -------- d-----w- c:\documents and settings\Char\Application Data\Windows Desktop Search

2012-07-15 01:54 . 2012-07-15 01:54 73728 ----a-r- c:\documents and settings\Char\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut6_6EA2867D4E8340A5A3471FF71A363544.exe

2012-07-15 01:54 . 2012-07-15 01:54 73728 ----a-r- c:\documents and settings\Char\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe

2012-07-15 01:54 . 2012-07-15 01:54 73728 ----a-r- c:\documents and settings\Char\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe

2012-07-15 01:54 . 2012-07-15 01:54 -------- d-----w- c:\program files\Common Files\eSellerate

2012-07-15 01:54 . 2012-07-15 01:54 -------- d-----w- c:\program files\Memeo

2012-07-15 01:54 . 2012-07-15 01:54 -------- d-s---w- c:\documents and settings\Char\Local Settings\Application Data\Memeo

2012-07-15 01:54 . 2012-07-15 01:54 -------- d-s---w- c:\documents and settings\All Users\Application Data\Memeo

2012-07-15 01:54 . 2012-07-15 01:54 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

2012-07-15 01:53 . 2012-07-15 01:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-07-15 01:52 . 2012-07-16 10:16 -------- d-----w- c:\program files\Windows Desktop Search

2012-07-15 01:52 . 2012-07-15 01:52 -------- d-----w- c:\windows\system32\GroupPolicy

2012-07-15 01:50 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-07-15 01:50 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-07-15 01:50 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-07-15 01:44 . 2012-07-15 01:44 40960 ----a-r- c:\documents and settings\Char\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe

2012-07-15 01:44 . 2012-07-15 01:44 -------- d-----w- c:\program files\Western Digital Technologies

2012-07-15 00:43 . 2012-07-15 00:43 -------- d-----w- c:\documents and settings\Char\Application Data\Scooter Software

2012-07-15 00:43 . 2012-07-15 00:43 -------- d-----w- c:\program files\Beyond Compare 3

2012-07-12 17:54 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-12 03:34 . 2012-07-12 03:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp

2012-07-11 15:32 . 2012-07-11 15:32 -------- d-----w- c:\documents and settings\All Users\Microsoft

2012-07-11 15:30 . 2012-07-11 15:30 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-07-11 15:29 . 2012-07-23 21:42 -------- d-----w- c:\windows\SHELLNEW

2012-07-11 15:29 . 2012-07-11 15:29 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\Microsoft Help

2012-07-11 15:29 . 2012-08-09 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2012-07-11 15:28 . 2012-07-11 15:28 -------- d-----r- C:\MSOCache

2012-07-11 15:12 . 2012-07-11 17:17 -------- d-----w- c:\windows\system32\XPSViewer

2012-07-11 15:12 . 2012-07-23 21:41 -------- d-----w- c:\program files\MSBuild

2012-07-11 15:12 . 2012-07-11 15:12 -------- d-----w- c:\program files\Reference Assemblies

2012-07-11 15:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-07-11 15:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-07-11 15:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-07-11 15:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-07-11 15:11 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-07-11 15:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-07-11 15:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-07-11 15:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-07-11 15:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-07-11 14:34 . 2012-07-11 14:34 -------- d-----w- c:\documents and settings\Char\Local Settings\Application Data\MicrosoftStore

2012-07-11 14:31 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-07-11 14:31 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-07-11 12:43 . 2012-07-11 12:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-07-11 09:43 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2012-07-11 06:53 . 2012-06-05 00:35 222448 ----a-w- c:\windows\system32\muweb.dll

2012-07-11 06:53 . 2012-06-02 22:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-07-11 05:33 . 2012-07-11 05:33 -------- d-----w- c:\windows\ie8updates

2012-07-11 05:22 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-07-11 05:22 . 2012-05-11 14:42 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2012-07-11 05:22 . 2012-05-11 14:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-07-11 05:22 . 2012-05-11 14:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2012-07-11 05:22 . 2012-05-11 14:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-07-11 05:22 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-07-11 05:22 . 2012-05-11 14:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2012-07-11 05:22 . 2012-05-11 14:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-07-11 05:19 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-07-11 05:19 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-11 05:15 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2012-07-11 05:15 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-07-11 05:15 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-07-11 05:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-07-11 05:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-07-11 05:12 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2012-07-11 05:12 . 2011-02-08 13:33 978944 -c--a-w- c:\windows\system32\dllcache\mfc42.dll

2012-07-11 05:12 . 2011-02-08 13:33 978944 ----a-w- c:\windows\system32\mfc42.dll

2012-07-11 05:12 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-07-11 05:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-07-11 05:11 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2012-07-11 05:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2012-07-11 05:09 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 00:04 . 2012-07-11 01:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 00:04 . 2012-07-11 01:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 01:08 . 2012-07-11 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-11 01:08 . 2012-07-11 01:08 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-11 01:08 . 2012-07-11 01:08 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 20:46 . 2012-07-11 01:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-11 18:42 . 2012-06-11 18:42 323624 ----a-w- c:\windows\system32\wiaaut.dll

2012-06-05 15:50 . 2006-12-04 21:37 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35 . 2012-07-10 23:27 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2012-07-10 23:27 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2012-07-10 23:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2012-07-10 23:27 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-10 23:27 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2012-07-10 23:27 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-07-10 23:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-08-10 11:00 916992 ----a-w- c:\windows\system32\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]

"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]

.

c:\documents and settings\Char\Start Menu\Programs\Startup\

Memeo AutoBackup Launcher.lnk - c:\documents and settings\Char\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2012-7-14 73728]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

"9322:TCP"= 9322:TCP:EKDiscovery

.

R1 MpKslf1432dfe;MpKslf1432dfe;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9413591-7960-4A3C-84C8-27B968B90545}\MpKslf1432dfe.sys [8/9/2012 1:41 PM 29904]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [6/18/2012 9:13 PM 394712]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [6/19/2012 1:44 PM 777728]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [8/24/2011 5:30 PM 430136]

R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [7/16/2012 7:31 AM 2673064]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/10/2012 6:08 PM 250056]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [8/8/2012 8:58 PM 32072]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 00:04]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-651377827-1801674531-1003Core.job

- c:\documents and settings\Char\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 01:07]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-651377827-1801674531-1003UA.job

- c:\documents and settings\Char\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 01:07]

.

2012-08-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-09 19:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-08-09 19:51:44

ComboFix-quarantined-files.txt 2012-08-10 02:51

.

Pre-Run: 82,549,854,208 bytes free

Post-Run: 82,923,171,840 bytes free

.

- - End Of File - - 050709A911AA38E2CB247DFB762847C2


  • Staff

Hi,

Sorry for the delay. Bumping pushes you to the bottom of my queue. Please stop.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Let me first say... sorry for the bump, I thought it was getting buried. It won't happen again. Secondly, thank you for the response. It is appreciated.

07:26:27.0812 1528 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

07:26:28.0375 1528 ============================================================

07:26:28.0375 1528 Current date / time: 2012/08/15 07:26:28.0375

07:26:28.0375 1528 SystemInfo:

07:26:28.0375 1528

07:26:28.0375 1528 OS Version: 5.1.2600 ServicePack: 3.0

07:26:28.0375 1528 Product type: Workstation

07:26:28.0375 1528 ComputerName: CHARLENE-8AB23C

07:26:28.0375 1528 UserName: Char

07:26:28.0375 1528 Windows directory: C:\WINDOWS

07:26:28.0375 1528 System windows directory: C:\WINDOWS

07:26:28.0375 1528 Processor architecture: Intel x86

07:26:28.0375 1528 Number of processors: 2

07:26:28.0375 1528 Page size: 0x1000

07:26:28.0375 1528 Boot type: Normal boot

07:26:28.0375 1528 ============================================================

07:26:30.0578 1528 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

07:26:30.0703 1528 ============================================================

07:26:30.0703 1528 \Device\Harddisk0\DR0:

07:26:30.0703 1528 MBR partitions:

07:26:30.0703 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x120BC3DF

07:26:30.0703 1528 ============================================================

07:26:30.0734 1528 C: <-> \Device\Harddisk0\DR0\Partition1

07:26:30.0734 1528 ============================================================

07:26:30.0734 1528 Initialize success

07:26:30.0734 1528 ============================================================

07:26:40.0500 3236 ============================================================

07:26:40.0500 3236 Scan started

07:26:40.0500 3236 Mode: Manual;

07:26:40.0500 3236 ============================================================

07:26:42.0546 3236 ================ Scan services =============================

07:26:42.0640 3236 Abiosdsk - ok

07:26:42.0640 3236 abp480n5 - ok

07:26:42.0703 3236 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:26:42.0703 3236 ACPI - ok

07:26:42.0734 3236 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

07:26:42.0734 3236 ACPIEC - ok

07:26:42.0812 3236 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

07:26:42.0984 3236 AdobeFlashPlayerUpdateSvc - ok

07:26:42.0984 3236 adpu160m - ok

07:26:43.0031 3236 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys

07:26:43.0031 3236 aec - ok

07:26:43.0078 3236 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

07:26:43.0078 3236 AFD - ok

07:26:43.0078 3236 Aha154x - ok

07:26:43.0093 3236 aic78u2 - ok

07:26:43.0093 3236 aic78xx - ok

07:26:43.0140 3236 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

07:26:43.0140 3236 Alerter - ok

07:26:43.0156 3236 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe

07:26:43.0156 3236 ALG - ok

07:26:43.0171 3236 AliIde - ok

07:26:43.0171 3236 amsint - ok

07:26:43.0218 3236 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

07:26:43.0234 3236 AppMgmt - ok

07:26:43.0234 3236 asc - ok

07:26:43.0234 3236 asc3350p - ok

07:26:43.0250 3236 asc3550 - ok

07:26:43.0390 3236 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

07:26:43.0406 3236 aspnet_state - ok

07:26:43.0437 3236 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:26:43.0437 3236 AsyncMac - ok

07:26:43.0453 3236 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

07:26:43.0453 3236 atapi - ok

07:26:43.0468 3236 Atdisk - ok

07:26:43.0515 3236 [ abc57a6f6070baf9786c318f59f29f0b ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

07:26:43.0531 3236 Ati HotKey Poller - ok

07:26:43.0562 3236 [ 1a73f763dfad0ca36dbb45bbe1ab66e5 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe

07:26:43.0562 3236 ATI Smart - ok

07:26:43.0640 3236 [ 03621f7f968ff63713943405deb777f9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

07:26:43.0656 3236 ati2mtag - ok

07:26:43.0687 3236 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:26:43.0687 3236 Atmarpc - ok

07:26:43.0734 3236 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

07:26:43.0734 3236 AudioSrv - ok

07:26:43.0781 3236 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

07:26:43.0781 3236 audstub - ok

07:26:43.0828 3236 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

07:26:43.0828 3236 Beep - ok

07:26:43.0890 3236 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

07:26:43.0921 3236 BITS - ok

07:26:43.0968 3236 [ cfd4e51402da9838b5a04ae680af54a0 ] Browser C:\WINDOWS\System32\browser.dll

07:26:43.0968 3236 Browser - ok

07:26:44.0109 3236 catchme - ok

07:26:44.0156 3236 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

07:26:44.0156 3236 cbidf2k - ok

07:26:44.0171 3236 cd20xrnt - ok

07:26:44.0171 3236 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

07:26:44.0171 3236 Cdaudio - ok

07:26:44.0203 3236 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

07:26:44.0203 3236 Cdfs - ok

07:26:44.0250 3236 [ 4b0a100eaf5c49ef3cca8c641431eacc ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:26:44.0343 3236 Cdrom - ok

07:26:44.0359 3236 [ 84853b3fd012251690570e9e7e43343f ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

07:26:44.0375 3236 cercsr6 - ok

07:26:44.0390 3236 Changer - ok

07:26:44.0437 3236 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe

07:26:44.0453 3236 CiSvc - ok

07:26:44.0453 3236 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

07:26:44.0453 3236 ClipSrv - ok

07:26:44.0546 3236 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:26:44.0593 3236 clr_optimization_v2.0.50727_32 - ok

07:26:44.0625 3236 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:26:44.0687 3236 clr_optimization_v4.0.30319_32 - ok

07:26:44.0687 3236 CmdIde - ok

07:26:44.0703 3236 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

07:26:44.0718 3236 Compbatt - ok

07:26:44.0718 3236 COMSysApp - ok

07:26:44.0734 3236 Cpqarray - ok

07:26:44.0750 3236 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

07:26:44.0750 3236 CryptSvc - ok

07:26:44.0750 3236 dac2w2k - ok

07:26:44.0765 3236 dac960nt - ok

07:26:44.0812 3236 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

07:26:44.0812 3236 DcomLaunch - ok

07:26:44.0859 3236 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

07:26:44.0859 3236 Dhcp - ok

07:26:44.0875 3236 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

07:26:44.0875 3236 Disk - ok

07:26:44.0875 3236 dmadmin - ok

07:26:44.0953 3236 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

07:26:45.0218 3236 dmboot - ok

07:26:45.0250 3236 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys

07:26:45.0281 3236 dmio - ok

07:26:45.0296 3236 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys

07:26:45.0296 3236 dmload - ok

07:26:45.0328 3236 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

07:26:45.0343 3236 dmserver - ok

07:26:45.0359 3236 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

07:26:45.0359 3236 DMusic - ok

07:26:45.0453 3236 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

07:26:45.0453 3236 Dnscache - ok

07:26:45.0578 3236 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

07:26:45.0703 3236 Dot3svc - ok

07:26:45.0718 3236 dpti2o - ok

07:26:45.0750 3236 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

07:26:45.0750 3236 drmkaud - ok

07:26:45.0812 3236 [ 95974e66d3de4951d29e28e8bc0b644c ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

07:26:45.0843 3236 E100B - ok

07:26:45.0875 3236 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll

07:26:45.0890 3236 EapHost - ok

07:26:45.0984 3236 [ 95d859f8b4da8e1871ff4381ff974aad ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

07:26:45.0984 3236 ehRecvr - ok

07:26:46.0000 3236 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe

07:26:46.0000 3236 ehSched - ok

07:26:46.0015 3236 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll

07:26:46.0015 3236 ERSvc - ok

07:26:46.0062 3236 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe

07:26:46.0062 3236 Eventlog - ok

07:26:46.0078 3236 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll

07:26:46.0093 3236 EventSystem - ok

07:26:46.0109 3236 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

07:26:46.0109 3236 Fastfat - ok

07:26:46.0156 3236 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

07:26:46.0171 3236 FastUserSwitchingCompatibility - ok

07:26:46.0187 3236 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

07:26:46.0187 3236 Fdc - ok

07:26:46.0203 3236 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

07:26:46.0203 3236 Fips - ok

07:26:46.0203 3236 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

07:26:46.0203 3236 Flpydisk - ok

07:26:46.0250 3236 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

07:26:46.0250 3236 FltMgr - ok

07:26:46.0296 3236 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

07:26:46.0296 3236 FontCache3.0.0.0 - ok

07:26:46.0296 3236 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:26:46.0296 3236 Fs_Rec - ok

07:26:46.0312 3236 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:26:46.0312 3236 Ftdisk - ok

07:26:46.0328 3236 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:26:46.0328 3236 Gpc - ok

07:26:46.0359 3236 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

07:26:46.0359 3236 HDAudBus - ok

07:26:46.0390 3236 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

07:26:46.0390 3236 helpsvc - ok

07:26:46.0421 3236 [ 748031ff4fe45ccc47546294905feab8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys

07:26:46.0453 3236 HidBatt - ok

07:26:46.0484 3236 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll

07:26:46.0484 3236 HidServ - ok

07:26:46.0500 3236 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:26:46.0500 3236 hidusb - ok

07:26:46.0531 3236 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

07:26:46.0531 3236 hkmsvc - ok

07:26:46.0531 3236 hpn - ok

07:26:46.0593 3236 [ 77e4ff0b73bc0aeaaf39bf0c8104231f ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

07:26:46.0593 3236 HSFHWBS2 - ok

07:26:46.0640 3236 [ 60e1604729a15ef4a3b05f298427b3b1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

07:26:46.0656 3236 HSF_DP - ok

07:26:46.0718 3236 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

07:26:46.0718 3236 HTTP - ok

07:26:46.0750 3236 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

07:26:46.0750 3236 HTTPFilter - ok

07:26:46.0750 3236 i2omgmt - ok

07:26:46.0765 3236 i2omp - ok

07:26:46.0796 3236 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

07:26:46.0796 3236 i8042prt - ok

07:26:47.0031 3236 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

07:26:47.0156 3236 idsvc - ok

07:26:47.0171 3236 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

07:26:47.0171 3236 Imapi - ok

07:26:47.0218 3236 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe

07:26:47.0218 3236 ImapiService - ok

07:26:47.0234 3236 ini910u - ok

07:26:47.0250 3236 IntelIde - ok

07:26:47.0296 3236 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:26:47.0296 3236 intelppm - ok

07:26:47.0328 3236 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

07:26:47.0328 3236 Ip6Fw - ok

07:26:47.0375 3236 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:26:47.0375 3236 IpFilterDriver - ok

07:26:47.0390 3236 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:26:47.0390 3236 IpInIp - ok

07:26:47.0421 3236 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:26:47.0421 3236 IpNat - ok

07:26:47.0421 3236 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:26:47.0421 3236 IPSec - ok

07:26:47.0453 3236 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

07:26:47.0453 3236 IRENUM - ok

07:26:47.0484 3236 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:26:47.0484 3236 isapnp - ok

07:26:47.0593 3236 [ de5d05fd449798ef88cc34ad4b1e7f85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

07:26:47.0609 3236 JavaQuickStarterService - ok

07:26:47.0625 3236 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:26:47.0625 3236 Kbdclass - ok

07:26:47.0625 3236 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

07:26:47.0625 3236 kbdhid - ok

07:26:47.0656 3236 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

07:26:47.0656 3236 kmixer - ok

07:26:47.0765 3236 [ 162a5e3a691b903111526147c8d29e6d ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

07:26:47.0765 3236 Kodak AiO Network Discovery Service - ok

07:26:47.0796 3236 [ b5e53fca219a6491e9a1ba146a5d2452 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

07:26:47.0812 3236 Kodak AiO Status Monitor Service - ok

07:26:47.0859 3236 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

07:26:47.0859 3236 KSecDD - ok

07:26:47.0906 3236 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

07:26:47.0921 3236 lanmanserver - ok

07:26:47.0953 3236 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

07:26:48.0046 3236 lanmanworkstation - ok

07:26:48.0046 3236 lbrtfdc - ok

07:26:48.0093 3236 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

07:26:48.0109 3236 LmHosts - ok

07:26:48.0156 3236 [ e0e22c8a2c5528919c45b834ca68e5ef ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys

07:26:48.0156 3236 mbamchameleon - ok

07:26:48.0203 3236 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

07:26:48.0203 3236 McrdSvc - ok

07:26:48.0234 3236 [ eeaea6514ba7c9d273b5e87c4e1aab30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

07:26:48.0234 3236 mdmxsdk - ok

07:26:48.0250 3236 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

07:26:48.0250 3236 Messenger - ok

07:26:48.0281 3236 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll

07:26:48.0296 3236 MHN - ok

07:26:48.0296 3236 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

07:26:48.0296 3236 MHNDRV - ok

07:26:48.0343 3236 Microsoft SharePoint Workspace Audit Service - ok

07:26:48.0390 3236 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

07:26:48.0390 3236 mnmdd - ok

07:26:48.0437 3236 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

07:26:48.0437 3236 mnmsrvc - ok

07:26:48.0484 3236 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

07:26:48.0484 3236 Modem - ok

07:26:48.0515 3236 [ 1992e0d143b09653ab0f9c5e04b0fd65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

07:26:48.0515 3236 MODEMCSA - ok

07:26:48.0531 3236 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:26:48.0531 3236 Mouclass - ok

07:26:48.0562 3236 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:26:48.0562 3236 mouhid - ok

07:26:48.0562 3236 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

07:26:48.0562 3236 MountMgr - ok

07:26:48.0593 3236 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

07:26:48.0609 3236 MpFilter - ok

07:26:48.0734 3236 [ a69630d039c38018689190234f866d77 ] MpKsl31f69a50 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66ABFE4C-28DF-45F0-9DA8-5B86266DA5DE}\MpKsl31f69a50.sys

07:26:48.0734 3236 MpKsl31f69a50 - ok

07:26:48.0734 3236 mraid35x - ok

07:26:48.0765 3236 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:26:48.0765 3236 MRxDAV - ok

07:26:48.0828 3236 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:26:48.0828 3236 MRxSmb - ok

07:26:48.0843 3236 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

07:26:48.0843 3236 MSDTC - ok

07:26:48.0875 3236 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

07:26:48.0890 3236 Msfs - ok

07:26:48.0890 3236 MSIServer - ok

07:26:48.0921 3236 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:26:48.0953 3236 MSKSSRV - ok

07:26:48.0984 3236 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

07:26:48.0984 3236 MsMpSvc - ok

07:26:49.0015 3236 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:26:49.0015 3236 MSPCLOCK - ok

07:26:49.0031 3236 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

07:26:49.0031 3236 MSPQM - ok

07:26:49.0078 3236 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:26:49.0078 3236 mssmbios - ok

07:26:49.0109 3236 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

07:26:49.0109 3236 Mup - ok

07:26:49.0156 3236 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll

07:26:49.0156 3236 napagent - ok

07:26:49.0187 3236 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

07:26:49.0187 3236 NDIS - ok

07:26:49.0218 3236 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:26:49.0218 3236 NdisTapi - ok

07:26:49.0234 3236 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:26:49.0234 3236 Ndisuio - ok

07:26:49.0250 3236 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:26:49.0265 3236 NdisWan - ok

07:26:49.0281 3236 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

07:26:49.0281 3236 NDProxy - ok

07:26:49.0296 3236 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

07:26:49.0296 3236 NetBIOS - ok

07:26:49.0328 3236 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

07:26:49.0328 3236 NetBT - ok

07:26:49.0375 3236 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe

07:26:49.0375 3236 NetDDE - ok

07:26:49.0390 3236 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

07:26:49.0406 3236 NetDDEdsdm - ok

07:26:49.0453 3236 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe

07:26:49.0453 3236 Netlogon - ok

07:26:49.0468 3236 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll

07:26:49.0484 3236 Netman - ok

07:26:49.0546 3236 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:26:49.0562 3236 NetTcpPortSharing - ok

07:26:54.0578 3236 ================ Scan global ===============================

07:26:54.0609 3236 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll

07:26:54.0656 3236 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll

07:26:54.0671 3236 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll

07:26:54.0687 3236 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

07:26:54.0687 3236 [Global] - ok

07:26:54.0687 3236 ================ Scan MBR ==================================

07:26:54.0718 3236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:26:55.0125 3236 \Device\Harddisk0\DR0 - ok

07:26:55.0125 3236 ================ Scan VBR ==================================

07:26:55.0125 3236 Boot (0x1200) (370fad13e2c944d6a37cc2a50998a188) \Device\Harddisk0\DR0\Partition1

07:26:55.0140 3236 \Device\Harddisk0\DR0\Partition1 - ok

07:26:55.0140 3236 ============================================================

07:26:55.0140 3236 Scan finished

07:26:55.0140 3236 ============================================================

07:26:55.0156 3184 Detected object count: 0

07:26:55.0156 3184 Actual detected object count: 0

07:27:19.0593 0440 Deinitialize success

..... ESET found nothing.

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 08:31:37

# Updated 14/08/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Char - CHARLENE-8AB23C

# Boot Mode : Normal

# Running from : C:\temp\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Char\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Char\Local Settings\Application Data\Ilivid Player

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3209604

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1073 octets] - [15/08/2012 08:31:37]

########## EOF - C:\AdwCleaner[R1].txt - [1201 octets] ##########

and security check...

Results of screen317's Security Check version 0.99.43

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 33

Java version out of Date!

Adobe Flash Player 11.3.300.271

Adobe Reader X (10.1.3)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 10%

````````````````````End of Log``````````````````````


  • Staff

Hi,

My apologies for the delay.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number


# AdwCleaner v1.801 - Logfile created 08/21/2012 at 04:31:03

# Updated 14/08/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Char - CHARLENE-8AB23C

# Boot Mode : Normal

# Running from : C:\temp\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Char\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Char\Local Settings\Application Data\Ilivid Player

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1202 octets] - [15/08/2012 08:31:37]

AdwCleaner[R2].txt - [1262 octets] - [21/08/2012 04:30:10]

AdwCleaner[s1].txt - [1211 octets] - [21/08/2012 04:31:03]

########## EOF - C:\AdwCleaner[s1].txt - [1339 octets] ##########


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 33

Adobe Flash Player 11.3.300.271

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


This topic is now closed to further replies.