Infected (I think)


Hello. My computer has been acting strangely. I tried to remove everything the usual way but nothing is working. Here are the DDS logs. Hoping one of the experts can help. I await further instructions.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Nick at 14:47:59 on 2012-08-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.508 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\Program Files\Jetico\BCWipe\BCWipeTM.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\PROGRA~1\Jetico\BCWipe\BCResident.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Jetico\BCWipe\BCWipeTM.exe

C:\WINDOWS\system32\wifimon.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

EB: Shell Search Band: {6dd2c1e6-7619-2193-1fe9-f82d6deeba28} - %SystemRoot%\system32\browseui.dll

uRun: [WIFIServiceAP] c:\windows\system32\wifiap.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [SkyTel] SkyTel.EXE

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [BCWipeTM Startup] "c:\program files\jetico\bcwipe\BCWipeTM.exe" startup

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: Free YouTube to iPod Converter - c:\documents and settings\nick\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\nick\start menu\programs\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.2.65

TCP: Interfaces\{5FD7399A-C0BF-4E0D-994E-6B463EDF0D45} : DhcpNameServer = 192.168.0.1 205.171.2.65

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\nick\application data\mozilla\firefox\profiles\flfgd2ka.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll

.

============= SERVICES / DRIVERS ===============

.

R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2009-7-23 39360]

R2 BCWipeSvc;BCWipe service;c:\program files\jetico\bcwipe\BCWipeSvc.exe [2009-12-24 95544]

R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-4-30 624856]

S0 jgie;jgie;c:\windows\system32\drivers\mjpc.sys --> c:\windows\system32\drivers\mjpc.sys [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [2009-7-23 92096]

.

=============== Created Last 30 ================

.

2012-08-24 18:28:02 40960 ----a-w- c:\windows\system32\wifimon.exe

2012-08-24 18:28:02 151552 ----a-w- c:\windows\system32\wifiap.dll

2012-08-24 17:38:50 98816 ----a-w- c:\windows\sed.exe

2012-08-24 17:38:50 518144 ----a-w- c:\windows\SWREG.exe

2012-08-24 17:38:50 256000 ----a-w- c:\windows\PEV.exe

2012-08-24 17:38:50 208896 ----a-w- c:\windows\MBR.exe

2012-08-12 18:18:03 -------- d-----w- c:\documents and settings\nick\local settings\application data\Sun

2012-08-11 21:34:26 192531 ----a-w- c:\windows\system32\wifiap.exe

2012-08-11 21:31:30 -------- d-----w- c:\program files\Oracle

2012-08-05 17:43:14 -------- d-----w- c:\program files\iPod

2012-08-05 17:43:02 -------- d-----w- c:\program files\iTunes

2012-08-05 17:39:56 -------- d-----w- c:\program files\Bonjour

2012-08-04 20:55:11 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2012-08-04 20:55:11 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-08-04 20:55:11 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-08-04 20:55:11 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2012-08-04 20:55:11 282680 ----a-w- c:\windows\system32\HPZidr12.dll

2012-08-04 20:55:11 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2012-08-04 20:55:02 306688 ----a-w- c:\windows\IsUninst.exe

2012-08-04 20:54:31 -------- d-----w- c:\program files\HP

2012-08-04 20:54:00 56 ----a-w- C:\ut9x.bat

2012-08-04 20:54:00 54 ----a-w- C:\ut.bat

2012-08-04 20:35:29 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2012-08-04 20:35:29 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-24 17:35:06 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-07-30 02:36:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-30 02:36:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 23:45:47 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-06 03:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 03:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-17 00:03:04 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-01 01:00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 01:00:14 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 14:48:08.28 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/1/2006 12:31:26 AM

System Uptime: 8/24/2012 2:32:10 PM (0 hours ago)

.

Motherboard: Acer | | FI946GZ

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Socket 775 | 1581/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 22.73 GiB free.

E: is Removable

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 802.11g Network Adapter

Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\4&1AF1648C&0&38F0

Manufacturer: Broadcom

Name: Broadcom 802.11g Network Adapter

PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\4&1AF1648C&0&38F0

Service: BCM43XX

.

==== System Restore Points ===================

.

RP1: 8/24/2012 12:44:25 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

Any Video Converter 3.0.7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BCWipe 4.0

Bonjour

Broadcom 802.11 Network Adapter

BufferChm

CCleaner

ChessBase 10

ChessBase 11

DeviceManagementQFolder

FastStone Image Viewer 4.6

FlvRecorder

Fritz11

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Houdini 2.0 Pro

HP Imaging Device Functions 7.0

HP Photosmart and Deskjet 7.0 Software

hph_software_req

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 33

Java 7 Update 5

JavaFX 2.1.1

K-Lite Mega Codec Pack 6.2.0

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 6.0 Parser (KB925673)

muvee Reveal Seagate Edition

Pandora Service

PDF Settings CS5

PokerStars.net

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SmartFind

swMSM

System Requirements Lab for Intel

The KMPlayer (remove only)

Toolbox

TrueCrypt

Tweak UI

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoCam Suite

VideoCam Suite 1.0

VLC media player 2.0.2

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows Presentation Foundation

Windows XP Service Pack 3

WinPcap 4.0.2

Winrar 3.92

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/24/2012 2:09:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

8/24/2012 12:06:44 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 12:06:44 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 12:06:44 PM, error: Service Control Manager [7034] - The BCWipe service service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 12:02:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

8/24/2012 11:58:03 AM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/24/2012 11:40:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 11:31:37 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/24/2012 11:31:37 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

8/24/2012 11:31:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm truecrypt

8/24/2012 11:30:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/24/2012 11:19:15 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

8/24/2012 11:16:19 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

8/24/2012 11:16:18 AM, error: SRService [104] - The System Restore initialization process failed.

8/24/2012 10:21:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/24/2012 10:19:45 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

8/24/2012 10:08:37 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

8/23/2012 8:41:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

8/23/2012 8:40:19 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/23/2012 8:40:19 PM, error: PlugPlayManager [11] - The device Root\LEGACY_.CDROM\0000 disappeared from the system without first being prepared for removal.

8/23/2012 8:40:18 PM, error: PlugPlayManager [12] - The device 'Network Monitor Driver' (Root\LEGACY_NM\0000) disappeared from the system without first being prepared for removal.

8/23/2012 10:44:57 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

8/23/2012 10:44:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/23/2012 10:44:29 PM, error: Service Control Manager [7034] - The PandoraService service terminated unexpectedly. It has done this 1 time(s).

8/19/2012 11:56:35 AM, error: Service Control Manager [7022] - The PandoraService service hung on starting.

8/19/2012 11:55:09 AM, error: Service Control Manager [7000] - The B's Recorder GOLD Library General Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Hello and thanks, MrCharlie. Here is the log.

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Nick [Admin rights]

Mode: Scan -- Date: 08/24/2012 16:50:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722525DLA380 +++++

--- User ---

[MBR] 5395808ed7fe1631e01ea862d0722e24

[bSP] 07b5ee431a8e2494a37a49d41c5033e0 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

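RogueKiller's MBR Check above hashes the first sector, identifies the boot code, and lists the partition table (one active NTFS partition at offset 63 sectors), and TDSSKiller later in the thread reports the same partition as StartLBA 0x3F, BlocksNum 0x1D1C0681. The following is an added example, not code from RogueKiller, TDSSKiller or the poster: it decodes a 512-byte MBR sector, hashes the boot-code region so it can be compared against a baseline recorded on a known-clean day, and prints the partition table in the same shape as the report. The sector, the boot code and the disk signature are constructed placeholders, and the "baseline" is just the sample's own hash; the page does not say which byte range RogueKiller's [MBR] and [bSP] values cover, so they cannot be compared with this output directly.

```python
"""Added example: decode a 512-byte MBR sector as the MBR checks in the thread report it.

All sample data below is constructed; it is not a dump of the poster's disk."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: boot code; 440-443: disk signature; 444-445: reserved
PT_OFFSET = 446            # four 16-byte partition entries follow the signature
PT_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"

PARTITION_TYPES = {0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)", 0x83: "Linux"}


def build_sample_mbr(boot_code, entries, disk_signature=0):
    """Build a constructed MBR sector. entries: (bootable, type, start_lba, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code too long or too many partition entries")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for i, (bootable, ptype, start_lba, sectors) in enumerate(entries):
        # status, CHS start (3 bytes, left zero), type, CHS end (3 bytes), LBA start, LBA count
        struct.pack_into("<B3sB3sII", sector, PT_OFFSET + i * PT_ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start_lba, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return the boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PT_OFFSET + i * PT_ENTRY_LEN)
        if ptype == 0x00:
            continue   # empty slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def boot_code_matches(sector, known_good_md5):
    """True when the boot-code region still hashes to the recorded baseline."""
    return parse_mbr(sector)["boot_code_md5"] == known_good_md5.lower()


def tampered_copy(sector):
    """Flip the first boot-code byte, which is what an overwritten loader looks like to the check."""
    return bytes([sector[0] ^ 0xFF]) + sector[1:]


# Constructed sample: one active NTFS partition laid out like the one in the reports
# (offset 63 sectors, 0x1D1C0681 sectors long). The boot code is a placeholder, not
# real Windows XP MBR code, and the disk signature is made up.
SAMPLE_BOOT_CODE = b"\xeb\x3c\x90" + b"CONSTRUCTED-PLACEHOLDER-BOOT-CODE".ljust(64, b"\x00")
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, [(True, 0x07, 63, 0x1D1C0681)],
                              disk_signature=0x12345678)
# Baseline taken from the sample itself, standing in for a hash recorded on a known-clean day.
SAMPLE_BASELINE_MD5 = parse_mbr(SAMPLE_MBR)["boot_code_md5"]


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"{p['index']} - {'ACTIVE' if p['active'] else 'inactive'} {p['type_name']} "
              f"(0x{p['type']:02x}) Offset (sectors): {p['start_lba']} | Size: {p['size_mib']} MiB")
    print("baseline matches:", boot_code_matches(SAMPLE_MBR, SAMPLE_BASELINE_MD5))
    print("after tampering:", boot_code_matches(tampered_copy(SAMPLE_MBR), SAMPLE_BASELINE_MD5))
```

The sample's 0x1D1C0681 sectors work out to 238464 MiB, the "Size: 238464 Mo" RogueKiller printed, which is a useful sanity check that the partition entry was decoded from the right offset. Hashing only the first 440 bytes keeps the disk signature and partition table out of the baseline, so a legitimate repartition does not look like boot-code tampering.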

Not much showing... let's run some scans >>>>>

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

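MrC's instructions draw a line between the UnsignedFile.Multi.Generic / LockedFile.Multi.Generic warnings (which only say a driver is unsigned or locked, so they are to be skipped) and any other detection. The following is an added example, not TDSSKiller's code or anything MrC posted: it reads a TDSSKiller scan log, pairs each "detected" line with the preceding "[ MD5 ] name path" line, and sorts the results into "skip" (the two generic verdicts) and "review" (everything else) so a helper can see at a glance what the log contains. The sample lines are constructed to match the 2.8.8.0 log format posted later in the thread; the "exampledrv" entries, their all-zero MD5 and the "Example.Placeholder.Verdict" name are placeholders standing in for a non-generic detection, not a real driver or verdict.

```python
"""Added example: triage a TDSSKiller services/drivers scan log.

Separates the generic unsigned/locked-file warnings that are to be skipped from any
other detection that needs a human look. Sample lines are constructed; the
'exampledrv' entries are placeholders, not a real driver or detection name."""
import re

# Verdicts the thread says to Skip: the file is unsigned or locked, not known malicious.
GENERIC_WARNINGS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# <time> <thread> [ <MD5> ] <service name> <path>   (name may contain spaces; path starts X:\)
FILE_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# <time> <thread> <service name> - detected <verdict> (<n>)
DETECTED_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - detected (\S+) \((\d+)\)$")
# <time> <thread> <service name> - ok
OK_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - ok$")


def triage_log(lines):
    """Group every 'detected' entry as skip (generic verdict) or review (anything else)."""
    files = {}                      # service name -> (md5, path) from its file line
    result = {"ok": 0, "skip": [], "review": []}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            files[name] = (md5.upper(), path)
            continue
        m = DETECTED_RE.match(line)
        if m:
            name, verdict, count = m.groups()
            md5, path = files.get(name, (None, None))
            entry = {"name": name, "verdict": verdict, "count": int(count),
                     "md5": md5, "path": path}
            bucket = "skip" if verdict in GENERIC_WARNINGS else "review"
            result[bucket].append(entry)
            continue
        if OK_RE.match(line):
            result["ok"] += 1
        # The '( verdict ) - warning' line repeats the 'detected' line, so it is not counted.
    return result


# Constructed sample log. The AegisP, AFD and Apple Mobile Device lines follow the
# format of the real log; the exampledrv lines are placeholders for a non-generic hit.
SAMPLE_LOG = r"""
11:51:07.0687 7416 ================ Scan services =============================
11:51:09.0656 7416 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:51:09.0671 7416 AegisP ( UnsignedFile.Multi.Generic ) - warning
11:51:09.0671 7416 AegisP - detected UnsignedFile.Multi.Generic (1)
11:51:09.0703 7416 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:51:09.0765 7416 AFD - ok
11:51:10.0156 7416 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:51:10.0171 7416 Apple Mobile Device - ok
11:51:30.0000 7416 [ 00000000000000000000000000000000 ] exampledrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
11:51:30.0001 7416 exampledrv ( Example.Placeholder.Verdict ) - warning
11:51:30.0001 7416 exampledrv - detected Example.Placeholder.Verdict (0)
"""


if __name__ == "__main__":
    report = triage_log(SAMPLE_LOG.splitlines())
    print(f"{report['ok']} services ok")
    for e in report["skip"]:
        print(f"SKIP   {e['name']:<22} {e['verdict']}  {e['path']}")
    for e in report["review"]:
        print(f"REVIEW {e['name']:<22} {e['verdict']}  md5={e['md5']}  {e['path']}")
```

Service names can contain spaces ("Apple Mobile Device", "Pml Driver HPZ12"), so the file-line pattern anchors on the drive letter and backslash that start every path rather than on whitespace. The MD5 is kept with each flagged entry because that hash, not the driver name, is what a helper would look up or compare against a clean copy of the same file.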

Hi MrCharlie. Here is the log from TDS. Should have mentioned this earlier, but you said there isn't much showing. I downloaded and ran an exe that I probably shouldn't have. Computer started acting up so I ran MBAM and CF. CF detected a rootkit and rebooted, then ran. After CF was done I ran it again and it did the exact same thing. That is when I decided to post here. Maybe it's gone, maybe it isn't. I now defer to the experts.... although I haven't been redirected in a day or so. Thanks

11:50:57.0781 7196 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

11:50:58.0125 7196 ============================================================

11:50:58.0125 7196 Current date / time: 2012/08/25 11:50:58.0125

11:50:58.0125 7196 SystemInfo:

11:50:58.0125 7196

11:50:58.0125 7196 OS Version: 5.1.2600 ServicePack: 3.0

11:50:58.0125 7196 Product type: Workstation

11:50:58.0125 7196 ComputerName: USER

11:50:58.0125 7196 UserName: Nick

11:50:58.0125 7196 Windows directory: C:\WINDOWS

11:50:58.0125 7196 System windows directory: C:\WINDOWS

11:50:58.0125 7196 Processor architecture: Intel x86

11:50:58.0125 7196 Number of processors: 2

11:50:58.0125 7196 Page size: 0x1000

11:50:58.0125 7196 Boot type: Normal boot

11:50:58.0125 7196 ============================================================

11:50:59.0296 7196 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

11:50:59.0296 7196 ============================================================

11:50:59.0296 7196 \Device\Harddisk0\DR0:

11:50:59.0296 7196 MBR partitions:

11:50:59.0296 7196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681

11:50:59.0296 7196 ============================================================

11:50:59.0312 7196 C: <-> \Device\Harddisk0\DR0\Partition1

11:50:59.0312 7196 ============================================================

11:50:59.0312 7196 Initialize success

11:50:59.0312 7196 ============================================================

11:51:07.0125 7416 ============================================================

11:51:07.0125 7416 Scan started

11:51:07.0125 7416 Mode: Manual; SigCheck; TDLFS;

11:51:07.0125 7416 ============================================================

11:51:07.0687 7416 ================ Scan system memory ========================

11:51:07.0687 7416 System memory - ok

11:51:07.0687 7416 ================ Scan services =============================

11:51:07.0765 7416 Abiosdsk - ok

11:51:07.0765 7416 abp480n5 - ok

11:51:07.0812 7416 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:51:09.0343 7416 ACPI - ok

11:51:09.0375 7416 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

11:51:09.0500 7416 ACPIEC - ok

11:51:09.0500 7416 adpu160m - ok

11:51:09.0531 7416 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

11:51:09.0640 7416 aec - ok

11:51:09.0656 7416 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys

11:51:09.0671 7416 AegisP ( UnsignedFile.Multi.Generic ) - warning

11:51:09.0671 7416 AegisP - detected UnsignedFile.Multi.Generic (1)

11:51:09.0703 7416 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

11:51:09.0765 7416 AFD - ok

11:51:09.0765 7416 Aha154x - ok

11:51:09.0765 7416 aic78u2 - ok

11:51:09.0781 7416 aic78xx - ok

11:51:09.0828 7416 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

11:51:09.0937 7416 Alerter - ok

11:51:09.0953 7416 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

11:51:10.0062 7416 ALG - ok

11:51:10.0078 7416 AliIde - ok

11:51:10.0078 7416 amsint - ok

11:51:10.0156 7416 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:51:10.0171 7416 Apple Mobile Device - ok

11:51:10.0171 7416 AppMgmt - ok

11:51:10.0203 7416 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

11:51:10.0312 7416 Arp1394 - ok

11:51:10.0328 7416 asc - ok

11:51:10.0328 7416 asc3350p - ok

11:51:10.0328 7416 asc3550 - ok

11:51:10.0406 7416 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

11:51:10.0421 7416 aspnet_state - ok

11:51:10.0453 7416 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:51:10.0531 7416 AsyncMac - ok

11:51:10.0578 7416 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

11:51:10.0687 7416 atapi - ok

11:51:10.0703 7416 Atdisk - ok

11:51:10.0734 7416 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:51:10.0828 7416 Atmarpc - ok

11:51:10.0859 7416 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

11:51:10.0968 7416 AudioSrv - ok

11:51:10.0984 7416 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

11:51:11.0078 7416 audstub - ok

11:51:11.0125 7416 [ 38CA1443660D0F5F06887C6A2E692AEB ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

11:51:11.0171 7416 BCM43XX - ok

11:51:11.0234 7416 [ EF192AC8664700136C9021A79DA28700 ] BCSWAP C:\WINDOWS\system32\drivers\BCSWAP.sys

11:51:11.0375 7416 BCSWAP - ok

11:51:11.0437 7416 [ 718F751F4530E5ED37D7F1D3A0540AC9 ] BCWipeSvc C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe

11:51:11.0437 7416 BCWipeSvc - ok

11:51:11.0468 7416 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

11:51:11.0578 7416 Beep - ok

11:51:11.0593 7416 bgsvcgen - ok

11:51:11.0625 7416 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

11:51:11.0656 7416 Bonjour Service - ok

11:51:11.0671 7416 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

11:51:11.0765 7416 Browser - ok

11:51:11.0875 7416 catchme - ok

11:51:11.0890 7416 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

11:51:12.0000 7416 cbidf2k - ok

11:51:12.0031 7416 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:51:12.0125 7416 CCDECODE - ok

11:51:12.0125 7416 cd20xrnt - ok

11:51:12.0140 7416 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

11:51:12.0250 7416 Cdaudio - ok

11:51:12.0281 7416 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

11:51:12.0390 7416 Cdfs - ok

11:51:12.0406 7416 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys

11:51:12.0421 7416 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning

11:51:12.0421 7416 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)

11:51:12.0437 7416 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:51:12.0531 7416 Cdrom - ok

11:51:12.0531 7416 Changer - ok

11:51:12.0562 7416 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

11:51:12.0656 7416 CiSvc - ok

11:51:12.0687 7416 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

11:51:12.0781 7416 ClipSrv - ok

11:51:12.0812 7416 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:51:12.0875 7416 clr_optimization_v2.0.50727_32 - ok

11:51:12.0875 7416 CmdIde - ok

11:51:12.0875 7416 COMSysApp - ok

11:51:12.0890 7416 Cpqarray - ok

11:51:12.0921 7416 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys

11:51:12.0937 7416 cpudrv - ok

11:51:12.0968 7416 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

11:51:13.0062 7416 CryptSvc - ok

11:51:13.0062 7416 dac2w2k - ok

11:51:13.0078 7416 dac960nt - ok

11:51:13.0109 7416 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

11:51:13.0203 7416 DcomLaunch - ok

11:51:13.0218 7416 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

11:51:13.0328 7416 Dhcp - ok

11:51:13.0343 7416 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

11:51:13.0453 7416 Disk - ok

11:51:13.0453 7416 dmadmin - ok

11:51:13.0500 7416 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

11:51:13.0625 7416 dmboot - ok

11:51:13.0640 7416 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

11:51:13.0750 7416 dmio - ok

11:51:13.0765 7416 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

11:51:13.0859 7416 dmload - ok

11:51:13.0890 7416 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

11:51:14.0000 7416 dmserver - ok

11:51:14.0015 7416 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

11:51:14.0109 7416 DMusic - ok

11:51:14.0140 7416 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

11:51:14.0218 7416 Dnscache - ok

11:51:14.0250 7416 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

11:51:14.0343 7416 Dot3svc - ok

11:51:14.0343 7416 dpti2o - ok

11:51:14.0359 7416 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

11:51:14.0468 7416 drmkaud - ok

11:51:14.0468 7416 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

11:51:14.0578 7416 EapHost - ok

11:51:14.0609 7416 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

11:51:14.0718 7416 ERSvc - ok

11:51:14.0734 7416 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

11:51:14.0781 7416 Eventlog - ok

11:51:14.0828 7416 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

11:51:14.0890 7416 EventSystem - ok

11:51:14.0937 7416 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

11:51:15.0046 7416 Fastfat - ok

11:51:15.0078 7416 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

11:51:15.0140 7416 FastUserSwitchingCompatibility - ok

11:51:15.0156 7416 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

11:51:15.0265 7416 Fdc - ok

11:51:15.0281 7416 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

11:51:15.0375 7416 Fips - ok

11:51:15.0390 7416 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

11:51:15.0468 7416 Flpydisk - ok

11:51:15.0500 7416 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

11:51:15.0593 7416 FltMgr - ok

11:51:15.0640 7416 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

11:51:15.0656 7416 FontCache3.0.0.0 - ok

11:51:15.0671 7416 [ E9CFA6E1FF5A64CB1D2274B2CB4BA548 ] fsh C:\WINDOWS\system32\drivers\fsh.sys

11:51:15.0687 7416 fsh - ok

11:51:15.0687 7416 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:51:15.0796 7416 Fs_Rec - ok

11:51:15.0796 7416 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:51:15.0906 7416 Ftdisk - ok

11:51:15.0953 7416 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:51:15.0953 7416 GEARAspiWDM - ok

11:51:15.0984 7416 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:51:16.0093 7416 Gpc - ok

11:51:16.0109 7416 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:51:16.0218 7416 HDAudBus - ok

11:51:16.0281 7416 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:51:16.0390 7416 helpsvc - ok

11:51:16.0390 7416 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

11:51:16.0484 7416 HidServ - ok

11:51:16.0515 7416 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:51:16.0593 7416 hidusb - ok

11:51:16.0640 7416 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

11:51:16.0734 7416 hkmsvc - ok

11:51:16.0734 7416 hpn - ok

11:51:16.0765 7416 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

11:51:16.0812 7416 HTTP - ok

11:51:16.0843 7416 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

11:51:16.0937 7416 HTTPFilter - ok

11:51:16.0937 7416 i2omgmt - ok

11:51:16.0953 7416 i2omp - ok

11:51:16.0968 7416 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

11:51:17.0062 7416 i8042prt - ok

11:51:17.0218 7416 [ 66A685B05066683621920BC14A45CFE8 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

11:51:17.0640 7416 ialm - ok

11:51:17.0718 7416 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:51:17.0765 7416 idsvc - ok

11:51:17.0781 7416 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

11:51:17.0875 7416 Imapi - ok

11:51:17.0906 7416 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

11:51:18.0015 7416 ImapiService - ok

11:51:18.0015 7416 ini910u - ok

11:51:18.0156 7416 [ 909D03B3B7FB7C830B74F74F4D0EA7CE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:51:18.0312 7416 IntcAzAudAddService - ok

11:51:18.0312 7416 IntelIde - ok

11:51:18.0328 7416 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:51:18.0421 7416 intelppm - ok

11:51:18.0453 7416 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

11:51:18.0562 7416 Ip6Fw - ok

11:51:18.0578 7416 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:51:18.0671 7416 IpInIp - ok

11:51:18.0687 7416 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:51:18.0796 7416 IpNat - ok

11:51:18.0843 7416 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

11:51:18.0875 7416 iPod Service - ok

11:51:18.0906 7416 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:51:19.0000 7416 IPSec - ok

11:51:19.0015 7416 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

11:51:19.0125 7416 IRENUM - ok

11:51:19.0140 7416 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:51:19.0250 7416 isapnp - ok

11:51:19.0296 7416 [ 4F2143570D2250CA4C4A4C98553C82CD ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

11:51:19.0312 7416 JavaQuickStarterService - ok

11:51:19.0312 7416 jgie - ok

11:51:19.0328 7416 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:51:19.0437 7416 Kbdclass - ok

11:51:19.0453 7416 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:51:19.0546 7416 kbdhid - ok

11:51:19.0578 7416 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

11:51:19.0687 7416 kmixer - ok

11:51:19.0703 7416 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

11:51:19.0765 7416 KSecDD - ok

11:51:19.0796 7416 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

11:51:19.0859 7416 lanmanserver - ok

11:51:19.0906 7416 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

11:51:19.0953 7416 lanmanworkstation - ok

11:51:19.0968 7416 lbrtfdc - ok

11:51:20.0015 7416 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

11:51:20.0109 7416 LmHosts - ok

11:51:20.0140 7416 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys

11:51:20.0156 7416 mcdbus ( UnsignedFile.Multi.Generic ) - warning

11:51:20.0156 7416 mcdbus - detected UnsignedFile.Multi.Generic (1)

11:51:20.0171 7416 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

11:51:20.0281 7416 Messenger - ok

11:51:20.0312 7416 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

11:51:20.0406 7416 mnmdd - ok

11:51:20.0437 7416 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

11:51:20.0531 7416 mnmsrvc - ok

11:51:20.0546 7416 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

11:51:20.0640 7416 Modem - ok

11:51:20.0656 7416 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:51:20.0765 7416 Mouclass - ok

11:51:20.0781 7416 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:51:20.0890 7416 mouhid - ok

11:51:20.0906 7416 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

11:51:21.0000 7416 MountMgr - ok

11:51:21.0062 7416 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

11:51:21.0078 7416 MozillaMaintenance - ok

11:51:21.0078 7416 mraid35x - ok

11:51:21.0093 7416 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:51:21.0203 7416 MRxDAV - ok

11:51:21.0234 7416 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:51:21.0296 7416 MRxSmb - ok

11:51:21.0328 7416 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

11:51:21.0437 7416 MSDTC - ok

11:51:21.0437 7416 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

11:51:21.0531 7416 Msfs - ok

11:51:21.0531 7416 MSIServer - ok

11:51:21.0562 7416 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:51:21.0671 7416 MSKSSRV - ok

11:51:21.0671 7416 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:51:21.0765 7416 MSPCLOCK - ok

11:51:21.0781 7416 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

11:51:21.0875 7416 MSPQM - ok

11:51:21.0890 7416 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:51:22.0000 7416 mssmbios - ok

11:51:22.0015 7416 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

11:51:22.0125 7416 MSTEE - ok

11:51:22.0156 7416 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

11:51:22.0171 7416 Mup - ok

11:51:22.0203 7416 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:51:22.0296 7416 NABTSFEC - ok

11:51:22.0343 7416 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

11:51:22.0453 7416 napagent - ok

11:51:22.0484 7416 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

11:51:22.0578 7416 NDIS - ok

11:51:22.0593 7416 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:51:22.0703 7416 NdisIP - ok

11:51:22.0734 7416 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:51:22.0765 7416 NdisTapi - ok

11:51:22.0796 7416 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:51:22.0906 7416 Ndisuio - ok

11:51:22.0906 7416 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:51:23.0015 7416 NdisWan - ok

11:51:23.0031 7416 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

11:51:23.0078 7416 NDProxy - ok

11:51:23.0093 7416 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

11:51:23.0203 7416 NetBIOS - ok

11:51:23.0218 7416 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

11:51:23.0328 7416 NetBT - ok

11:51:23.0359 7416 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

11:51:23.0468 7416 NetDDE - ok

11:51:23.0468 7416 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

11:51:23.0562 7416 NetDDEdsdm - ok

11:51:23.0578 7416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

11:51:23.0671 7416 Netlogon - ok

11:51:23.0687 7416 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

11:51:23.0781 7416 Netman - ok

11:51:23.0828 7416 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:51:23.0843 7416 NetTcpPortSharing - ok

11:51:23.0875 7416 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:51:23.0984 7416 NIC1394 - ok

11:51:24.0015 7416 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

11:51:24.0062 7416 Nla - ok

11:51:24.0078 7416 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys

11:51:24.0171 7416 nm - ok

11:51:24.0187 7416 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINDOWS\system32\drivers\npf.sys

11:51:24.0203 7416 NPF - ok

11:51:24.0218 7416 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

11:51:24.0312 7416 Npfs - ok

11:51:24.0343 7416 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

11:51:24.0453 7416 Ntfs - ok

11:51:24.0468 7416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

11:51:24.0546 7416 NtLmSsp - ok

11:51:24.0609 7416 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

11:51:24.0734 7416 NtmsSvc - ok

11:51:24.0750 7416 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

11:51:24.0843 7416 Null - ok

11:51:24.0859 7416 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:51:24.0984 7416 NwlnkFlt - ok

11:51:24.0984 7416 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:51:25.0078 7416 NwlnkFwd - ok

11:51:25.0187 7416 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:51:25.0203 7416 odserv - ok

11:51:25.0234 7416 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:51:25.0343 7416 ohci1394 - ok

11:51:25.0390 7416 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:51:25.0406 7416 ose - ok

11:51:25.0468 7416 [ 77CDC6C43D8C3E05D0E21B36EAABEBAE ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

11:51:25.0500 7416 PanService - ok

11:51:25.0531 7416 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

11:51:25.0625 7416 Parport - ok

11:51:25.0640 7416 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

11:51:25.0750 7416 PartMgr - ok

11:51:25.0765 7416 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

11:51:25.0875 7416 ParVdm - ok

11:51:25.0875 7416 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

11:51:25.0984 7416 PCI - ok

11:51:25.0984 7416 PCIDump - ok

11:51:25.0984 7416 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

11:51:26.0093 7416 PCIIde - ok

11:51:26.0109 7416 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

11:51:26.0203 7416 Pcmcia - ok

11:51:26.0218 7416 PDCOMP - ok

11:51:26.0218 7416 PDFRAME - ok

11:51:26.0218 7416 PDRELI - ok

11:51:26.0218 7416 PDRFRAME - ok

11:51:26.0234 7416 perc2 - ok

11:51:26.0234 7416 perc2hib - ok

11:51:26.0265 7416 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

11:51:26.0312 7416 PlugPlay - ok

11:51:26.0328 7416 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

11:51:26.0375 7416 Pml Driver HPZ12 - ok

11:51:26.0375 7416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

11:51:26.0453 7416 PolicyAgent - ok

11:51:26.0484 7416 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:51:26.0593 7416 PptpMiniport - ok

11:51:26.0593 7416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

11:51:26.0687 7416 ProtectedStorage - ok

11:51:26.0687 7416 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

11:51:26.0796 7416 PSched - ok

11:51:26.0812 7416 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:51:26.0906 7416 Ptilink - ok

11:51:26.0921 7416 ql1080 - ok

11:51:26.0921 7416 Ql10wnt - ok

11:51:26.0921 7416 ql12160 - ok

11:51:26.0921 7416 ql1240 - ok

11:51:26.0937 7416 ql1280 - ok

11:51:26.0953 7416 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:51:27.0046 7416 RasAcd - ok

11:51:27.0062 7416 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

11:51:27.0156 7416 RasAuto - ok

11:51:27.0171 7416 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:51:27.0265 7416 Rasl2tp - ok

11:51:27.0296 7416 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

11:51:27.0390 7416 RasMan - ok

11:51:27.0390 7416 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:51:27.0484 7416 RasPppoe - ok

11:51:27.0500 7416 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

11:51:27.0609 7416 Raspti - ok

11:51:27.0625 7416 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:51:27.0734 7416 Rdbss - ok

11:51:27.0750 7416 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:51:27.0843 7416 RDPCDD - ok

11:51:27.0875 7416 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

11:51:27.0937 7416 RDPWD - ok

11:51:27.0968 7416 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

11:51:28.0078 7416 RDSessMgr - ok

11:51:28.0078 7416 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

11:51:28.0171 7416 redbook - ok

11:51:28.0203 7416 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

11:51:28.0281 7416 RemoteAccess - ok

11:51:28.0328 7416 [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

11:51:28.0328 7416 rpcapd - ok

11:51:28.0375 7416 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

11:51:28.0468 7416 RpcLocator - ok

11:51:28.0500 7416 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

11:51:28.0546 7416 RpcSs - ok

11:51:28.0578 7416 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

11:51:28.0687 7416 RSVP - ok

11:51:28.0703 7416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

11:51:28.0796 7416 SamSs - ok

11:51:28.0843 7416 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

11:51:28.0937 7416 SCardSvr - ok

11:51:28.0968 7416 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

11:51:29.0078 7416 Schedule - ok

11:51:29.0093 7416 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:51:29.0187 7416 Secdrv - ok

11:51:29.0203 7416 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

11:51:29.0296 7416 seclogon - ok

11:51:29.0296 7416 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

11:51:29.0406 7416 SENS - ok

11:51:29.0421 7416 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

11:51:29.0531 7416 Serial - ok

11:51:29.0562 7416 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

11:51:29.0656 7416 Sfloppy - ok

11:51:29.0687 7416 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

11:51:29.0812 7416 SharedAccess - ok

11:51:29.0828 7416 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

11:51:29.0843 7416 ShellHWDetection - ok

11:51:29.0859 7416 Simbad - ok

11:51:29.0875 7416 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:51:29.0968 7416 SLIP - ok

11:51:29.0968 7416 Sparrow - ok

11:51:30.0015 7416 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

11:51:30.0109 7416 splitter - ok

11:51:30.0140 7416 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

11:51:30.0187 7416 Spooler - ok

11:51:30.0218 7416 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

11:51:30.0312 7416 sr - ok

11:51:30.0343 7416 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

11:51:30.0421 7416 srservice - ok

11:51:30.0468 7416 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

11:51:30.0546 7416 Srv - ok

11:51:30.0578 7416 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

11:51:30.0687 7416 SSDPSRV - ok

11:51:30.0718 7416 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

11:51:30.0812 7416 stisvc - ok

11:51:30.0828 7416 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:51:30.0921 7416 streamip - ok

11:51:30.0953 7416 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

11:51:31.0062 7416 swenum - ok

11:51:31.0156 7416 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

11:51:31.0187 7416 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

11:51:31.0187 7416 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

11:51:31.0203 7416 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

11:51:31.0296 7416 swmidi - ok

11:51:31.0296 7416 SwPrv - ok

11:51:31.0296 7416 symc810 - ok

11:51:31.0312 7416 symc8xx - ok

11:51:31.0312 7416 sym_hi - ok

11:51:31.0312 7416 sym_u3 - ok

11:51:31.0328 7416 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

11:51:31.0421 7416 sysaudio - ok

11:51:31.0453 7416 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

11:51:31.0546 7416 SysmonLog - ok

11:51:31.0578 7416 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

11:51:31.0671 7416 TapiSrv - ok

11:51:31.0718 7416 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:51:31.0765 7416 Tcpip - ok

11:51:31.0796 7416 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

11:51:31.0906 7416 TDPIPE - ok

11:51:31.0921 7416 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

11:51:32.0015 7416 TDTCP - ok

11:51:32.0031 7416 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

11:51:32.0140 7416 TermDD - ok

11:51:32.0171 7416 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

11:51:32.0281 7416 TermService - ok

11:51:32.0296 7416 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

11:51:32.0312 7416 Themes - ok

11:51:32.0312 7416 TosIde - ok

11:51:32.0328 7416 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

11:51:32.0421 7416 TrkWks - ok

11:51:32.0453 7416 [ ED5E4CE36C54F55E7698642E94D32EC7 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys

11:51:32.0468 7416 truecrypt - ok

11:51:32.0500 7416 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

11:51:32.0609 7416 Udfs - ok

11:51:32.0609 7416 ultra - ok

11:51:32.0640 7416 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe

11:51:32.0671 7416 UMWdf - ok

11:51:32.0718 7416 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

11:51:32.0812 7416 Update - ok

11:51:32.0843 7416 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

11:51:32.0953 7416 upnphost - ok

11:51:32.0968 7416 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

11:51:33.0078 7416 UPS - ok

11:51:33.0109 7416 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

11:51:33.0125 7416 USBAAPL - ok

11:51:33.0156 7416 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

11:51:33.0265 7416 usbaudio - ok

11:51:33.0296 7416 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:51:33.0390 7416 usbccgp - ok

11:51:33.0421 7416 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:51:33.0515 7416 usbehci - ok

11:51:33.0546 7416 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:51:33.0640 7416 usbhub - ok

11:51:33.0671 7416 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:51:33.0765 7416 usbprint - ok

11:51:33.0812 7416 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:51:33.0921 7416 usbscan - ok

11:51:33.0921 7416 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:51:34.0015 7416 usbstor - ok

11:51:34.0046 7416 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:51:34.0140 7416 usbuhci - ok

11:51:34.0171 7416 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

11:51:34.0250 7416 usbvideo - ok

11:51:34.0281 7416 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

11:51:34.0359 7416 VgaSave - ok

11:51:34.0375 7416 ViaIde - ok

11:51:34.0406 7416 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

11:51:34.0500 7416 VolSnap - ok

11:51:34.0531 7416 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

11:51:34.0640 7416 VSS - ok

11:51:34.0656 7416 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

11:51:34.0765 7416 W32Time - ok

11:51:34.0781 7416 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:51:34.0890 7416 Wanarp - ok

11:51:34.0890 7416 WDICA - ok

11:51:34.0921 7416 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

11:51:35.0015 7416 wdmaud - ok

11:51:35.0046 7416 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

11:51:35.0140 7416 WebClient - ok

11:51:35.0203 7416 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

11:51:35.0296 7416 winmgmt - ok

11:51:35.0312 7416 wltrysvc - ok

11:51:35.0328 7416 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

11:51:35.0359 7416 WmdmPmSN - ok

11:51:35.0390 7416 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

11:51:35.0484 7416 WmiApSrv - ok

11:51:35.0515 7416 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys

11:51:35.0531 7416 WpdUsb - ok

11:51:35.0546 7416 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:51:35.0656 7416 WS2IFSL - ok

11:51:35.0671 7416 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

11:51:35.0781 7416 wscsvc - ok

11:51:35.0796 7416 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:51:35.0890 7416 WSTCODEC - ok

11:51:35.0906 7416 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

11:51:36.0000 7416 wuauserv - ok

11:51:36.0031 7416 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

11:51:36.0156 7416 WZCSVC - ok

11:51:36.0171 7416 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

11:51:36.0281 7416 xmlprov - ok

11:51:36.0312 7416 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys

11:51:36.0343 7416 yukonwxp - ok

11:51:36.0359 7416 ================ Scan global ===============================

11:51:36.0375 7416 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

11:51:36.0421 7416 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

11:51:36.0437 7416 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

11:51:36.0437 7416 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

11:51:36.0437 7416 [Global] - ok

11:51:36.0437 7416 ================ Scan MBR ==================================

11:51:36.0468 7416 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

11:51:36.0640 7416 \Device\Harddisk0\DR0 - ok

11:51:36.0640 7416 ================ Scan VBR ==================================

11:51:36.0640 7416 [ 0ED9F068C98F30FE9300FB6E810CF3A2 ] \Device\Harddisk0\DR0\Partition1

11:51:36.0640 7416 \Device\Harddisk0\DR0\Partition1 - ok

11:51:36.0640 7416 ============================================================

11:51:36.0640 7416 Scan finished

11:51:36.0640 7416 ============================================================

11:51:36.0750 7228 Detected object count: 4

11:51:36.0750 7228 Actual detected object count: 4

11:51:46.0625 7228 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

11:51:46.0625 7228 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:51:46.0625 7228 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user

11:51:46.0625 7228 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:51:46.0625 7228 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

11:51:46.0625 7228 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:51:46.0640 7228 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

11:51:46.0640 7228 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip


I have since deleted the old logs. Ran CF again and it updated. No rootkit detection and it ran normally! It did however delete the same files as before. Don't know why they keep coming back. Also, I have not for the longest time been able to delete the CF folder "Qoobox". It contains a subfolder named "BackEnv" to which "access is denied". Therefore I cannot open or delete it. Any ideas for this? Here is the CF log. Thanks.

ComboFix 12-08-25.04 - Nick 08/25/2012 13:29:07.34.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.531 [GMT -5:00]

Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\wifiap.dll

c:\windows\system32\wifimon.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))

.

.

2012-08-24 16:44 . 2012-08-24 16:52 -------- d-----w- c:\documents and settings\Administrator

2012-08-12 18:18 . 2012-08-12 18:18 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Sun

2012-08-11 21:34 . 2012-08-24 01:41 192531 ----a-w- c:\windows\system32\wifiap.exe

2012-08-11 21:31 . 2012-08-11 21:31 -------- d-----w- c:\program files\Oracle

2012-08-11 21:31 . 2012-08-11 21:31 -------- d-----w- c:\documents and settings\Nick\Application Data\Oracle

2012-08-11 21:30 . 2012-08-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-08-05 17:43 . 2012-08-05 17:43 -------- d-----w- c:\program files\iPod

2012-08-05 17:43 . 2012-08-05 17:43 -------- d-----w- c:\program files\iTunes

2012-08-05 17:39 . 2012-08-05 17:39 -------- d-----w- c:\program files\Bonjour

2012-08-04 20:55 . 2006-03-04 02:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll

2012-08-04 20:55 . 2006-03-04 02:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-08-04 20:55 . 2006-03-04 02:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-08-04 20:55 . 2006-03-04 02:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2012-08-04 20:55 . 2006-03-04 02:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2012-08-04 20:55 . 2006-03-04 02:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2012-08-04 20:55 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-08-04 20:54 . 2012-08-04 21:10 -------- d-----w- c:\program files\HP

2012-08-04 20:54 . 2006-06-22 03:03 56 ----a-w- C:\ut9x.bat

2012-08-04 20:54 . 2006-06-19 21:08 54 ----a-w- C:\ut.bat

2012-08-04 20:35 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2012-08-04 20:35 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-24 17:35 . 2006-02-28 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-07-30 02:36 . 2012-04-13 03:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-30 02:36 . 2011-05-22 08:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 23:45 . 2012-07-11 23:45 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-06 03:07 . 2012-06-17 00:03 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 03:06 . 2010-07-27 05:10 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:05 . 2006-01-01 06:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46 . 2011-04-29 02:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-17 00:03 . 2012-06-17 00:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2010-07-27 01:09 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2006-01-01 06:28 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2006-01-01 06:28 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2006-01-01 06:28 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2006-01-01 06:28 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2006-01-01 06:28 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2006-01-01 06:28 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2006-01-01 06:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 20:18 . 2010-11-10 22:54 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18 . 2010-11-10 22:54 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18 . 2010-11-10 22:54 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-01 01:00 . 2012-06-01 01:00 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 01:00 . 2012-06-01 01:00 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-07-19 03:05 . 2012-04-16 22:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WIFIServiceAP"="c:\windows\system32\wifiap.exe" [2012-08-24 192531]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-10 16248320]

"SkyTel"="SkyTel.EXE" [2006-08-10 2879488]

"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2010-03-04 992568]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-01 296056]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [7/23/2009 11:55 PM 39360]

R2 BCWipeSvc;BCWipe service;c:\program files\Jetico\BCWipe\BCWipeSvc.exe [12/24/2009 10:56 PM 95544]

R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [4/30/2012 1:47 AM 624856]

S0 jgie;jgie;c:\windows\system32\drivers\mjpc.sys --> c:\windows\system32\drivers\mjpc.sys [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 5:12 PM 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [7/23/2009 11:55 PM 92096]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 46264685

*Deregistered* - 46264685

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-USER-Nick.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-05-15 08:44]

.

2012-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

IE: Free YouTube to iPod Converter - c:\documents and settings\Nick\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.0.1 205.171.2.65

FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\flfgd2ka.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-25 13:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList]

@Class="Shell"

"a"="WINWORD.EXE"

"MRUList"="a"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(732)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2012-08-25 13:34:05

ComboFix-quarantined-files.txt 2012-08-25 18:34

.

Pre-Run: 24,286,773,248 bytes free

Post-Run: 24,274,800,640 bytes free

.

- - End Of File - - B2E1403DB1A831EEA677F8D8183D3430
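Two things in the ComboFix log above are worth cross-checking before declaring the machine clean: the "Other Deletions" list removed c:\windows\system32\wifiap.dll and wifimon.exe, yet the "Reg Loading Points" section still has an HKCU Run value launching c:\windows\system32\wifiap.exe, a file the "Files Created" window dates to 2012-08-11; and the Security Center key has AntiVirusOverride and FirewallOverride set to 1, which suppresses the "no antivirus / no firewall" alerts. The script below is an added example for this thread (not ComboFix code, and ComboFix offers no such report) that runs those checks over a constructed excerpt of the log; the treatment of a per-user Run value pointing into system32 as "worth a look" is a heuristic of mine, not a page claim.

```python
"""Triage the 'Reg Loading Points' and 'Files Created' sections of a ComboFix log.

Added example for this thread; it is not ComboFix code. SAMPLE_LOG is constructed
from lines shown in the thread's log (paths, dates and sizes copied, the rest
omitted). Findings, in order:
  * [X] after a Run value: ComboFix could not locate the target as written;
  * an autostart whose target appears in the 'Files Created' window;
  * a per-user (HKCU) Run value pointing into the system32 directory, which is
    unusual for legitimate software (assumption: treat it as worth a look);
  * Security Center AntiVirusOverride/FirewallOverride set to 1, which silences
    the 'no antivirus / no firewall' alerts (a common malware tamper).
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
2012-08-11 21:34 . 2012-08-24 01:41 192531 ----a-w- c:\windows\system32\wifiap.exe
2012-08-04 20:55 . 2006-03-04 02:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WIFIServiceAP"="c:\windows\system32\wifiap.exe" [2012-08-24 192531]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# "created . modified size attrs path" as ComboFix prints it (extraction collapsed the padding)
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9A-Fa-f]{8})$')
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


def parse_combofix(text):
    """Return (created_files, autostarts, dwords) parsed from a ComboFix log."""
    created, autostarts, dwords, key = {}, [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            created[m["path"].lower()] = m["created"]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]              # registry key the following values belong to
            continue
        if key is None:
            continue
        m = RUN_RE.match(line)
        if m:
            autostarts.append((key, m["name"], m["target"], m["info"].strip()))
            continue
        m = DWORD_RE.match(line)
        if m:
            dwords[(key.lower(), m["name"].lower())] = int(m["val"], 16)
    return created, autostarts, dwords


def triage(text):
    """List (kind, registry key, value name, target) findings worth a look."""
    created, autostarts, dwords = parse_combofix(text)
    findings = []
    for key, name, target, info in autostarts:
        if info == "X":
            findings.append(("UNVERIFIED_TARGET", key, name, target))
        if target.lower() in created:
            findings.append(("AUTOSTART_RECENT_FILE", key, name, target))
        if key.upper().startswith("HKEY_CURRENT_USER") and "\\system32\\" in target.lower():
            findings.append(("HKCU_RUN_IN_SYSTEM32", key, name, target))
    for value in ("antivirusoverride", "firewalloverride"):
        if dwords.get((SECURITY_CENTER, value)) == 1:
            findings.append(("SECURITY_CENTER_OVERRIDE", SECURITY_CENTER, value, "dword:1"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

On the sample this reports wifiap.exe twice (recently created file that is also a per-user autostart), the WLTRAY entry once (no extension in the value, so ComboFix printed [X]), and both Security Center overrides. A finding is a reason to look, not a verdict; the WLTRAY one is the Broadcom tray utility that is visibly running in the process list.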


It contains a subfolder named "BackEnv" to which "access is denied". Therefore I cannot open or delete it. Any ideas for this? Here is the CF log. Thanks.

ComboFix has to be uninstalled and not deleted.

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Here is the MBAM log. Appears the computer is back to normal except this CF folder. It's been there since the last infection over a year ago. Forgot to mention that this is after the proper combofix /uninstall. The folder still remains with "access is denied". Quite vexing. Any ideas would be appreciated.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.25.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Nick :: USER [administrator]

8/25/2012 2:34:00 PM

mbam-log-2012-08-25 (14-34-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204192

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


See if this does it:

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

MrC


Download BlitzBlank and save it to your desktop.

http://download1.ems.../BlitzBlank.exe

Open Blitzblank.exe

Click OK at the warning (and take note of it, this is a VERY powerful tool!).

Click the Script tab and copy/paste the following text there:

DeleteFolder:

C:\Qoobox

Click Execute Now. Your computer will need to reboot in order to replace the files.

When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

MrC


Here is the log. It appears it didn't work. The folder is still there. Stubborn thing.

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\qoobox", destinationDirectory = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\qoobox\BackEnv", destinationDirectory = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: ZwCreateFile(sourceDirectory) failed: status = c0000022

MoveDirectoryOnReboot: ProcessElement failed: status = c0000022


Please download GrantPerms.zip and save it to your desktop.

http://download.blee.../GrantPerms.zip

Unzip the file and run GrantPerms.exe

Copy and paste the following in the edit box:

C:\Qoobox

Click Unlock. When it is done click "OK".

Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

MrC


Thanks MrC. This worked. I did look into file permissions some time ago but it was quite confusing. Thanks for all your help.

GrantPerms by Farbar

Ran by Nick (administrator) at 2012-08-25 18:16:04

===============================================

\\?\C:\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):

Everyone FULL ALLOW (I)

Everyone FULL ALLOW (CI)(OI)(IO)(I)

BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)

BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)

BUILTIN\Users ADD FILE ALLOW (CI)(I)
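The BlitzBlank failure above (ZwCreateFile status c0000022, which is STATUS_ACCESS_DENIED) and the Perms.txt listing GrantPerms produced are two views of the same problem: a DACL on C:\Qoobox\BackEnv that the logged-on administrator could not satisfy, and that only ownership or WRITE_DAC could get past. The script below is an added example for this thread, not code from Farbar's GrantPerms or from BlitzBlank. It parses a GrantPerms-style listing, runs a simplified Windows access check against it, and prints the steps an administrator needs (rewrite the DACL, or take ownership first) before a delete can succeed. AFTER_DUMP is the listing from the thread; BEFORE_DUMP is a constructed, hypothetical pre-Unlock DACL, since the thread never shows one, and NICK_TOKEN is an assumed XP-era administrator token.

```python
"""Access-check model for a GrantPerms/icacls-style DACL listing.

Added example for this thread; it is not code from Farbar's GrantPerms or from
BlitzBlank. Simplified Windows access check: ACEs are walked in order,
inherit-only (IO) ACEs do not apply to the object itself, a DENY that covers a
still-outstanding right wins, and the owner always holds WRITE_DAC implicitly
(the hook that lets GrantPerms/takeown rewrite a DACL that locks everyone out).
Not modelled: generic-rights mapping, SACLs, the OWNER RIGHTS SID.
"""
import re

FULL = frozenset({"READ", "WRITE", "EXECUTE", "DELETE", "WRITE_DAC", "WRITE_OWNER"})
RIGHTS = {                      # GrantPerms right keywords -> rights they carry
    "FULL": FULL,
    "READ/EXECUTE": frozenset({"READ", "EXECUTE"}),
    "READ": frozenset({"READ"}),
    "DELETE": frozenset({"DELETE"}),
    "ADD FILE": frozenset({"WRITE"}),
    "ADD SUBDIRECTORY": frozenset({"WRITE"}),
}
ACE_RE = re.compile(
    r"^(?P<who>.+?)\s+(?P<right>FULL|READ/EXECUTE|READ|DELETE|ADD FILE|ADD SUBDIRECTORY)"
    r"\s+(?P<type>ALLOW|DENY)\s*(?P<flags>(?:\([A-Z]+\)\s*)*)$"
)

# Listing copied from the thread's Perms.txt (after GrantPerms' Unlock ran).
AFTER_DUMP = r"""
\\?\C:\Qoobox\BackEnv
Owner: BUILTIN\Administrators
DACL(NP)(AI):
Everyone FULL ALLOW (I)
Everyone FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)
"""
# Constructed (hypothetical) listing of a folder that locks administrators out;
# the thread never shows the pre-Unlock DACL, so this is an assumption, not data.
BEFORE_DUMP = r"""
\\?\C:\Qoobox\BackEnv
Owner: NT AUTHORITY\SYSTEM
DACL(P):
Everyone DELETE DENY (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
"""
# Assumed token of an XP-era local administrator (no UAC split token on XP).
NICK_TOKEN = frozenset({"Everyone", r"BUILTIN\Users", r"BUILTIN\Administrators"})


def parse_dump(text):
    """Return {'owner': str, 'aces': [...]} for one object's section of Perms.txt."""
    owner, aces = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Owner:"):
            owner = line.split(":", 1)[1].strip()
            continue
        m = ACE_RE.match(line)
        if not m:
            continue                    # path line, DACL header, blank line
        aces.append({
            "who": m["who"],
            "rights": RIGHTS[m["right"]],
            "deny": m["type"] == "DENY",
            "flags": set(re.findall(r"\(([A-Z]+)\)", m["flags"])),
        })
    return {"owner": owner, "aces": aces}


def access_check(dacl, token, wanted):
    """(granted?, reason) for a token requesting the given rights on the object."""
    token, remaining = set(token), set(wanted)
    if dacl["owner"] in token:
        remaining.discard("WRITE_DAC")  # implicit owner right
    for ace in dacl["aces"]:
        if "IO" in ace["flags"] or ace["who"] not in token:
            continue
        if ace["deny"]:
            hit = remaining & ace["rights"]
            if hit:
                return False, "DENY ACE for %s blocks %s" % (ace["who"], sorted(hit))
        else:
            remaining -= ace["rights"]
        if not remaining:
            break
    if remaining:
        return False, "no ACE grants %s" % sorted(remaining)
    return True, "granted"


def unlock_plan(dacl, token, take_ownership_priv):
    """Steps an administrator needs before the folder can be deleted; this is
    what GrantPerms' Unlock (or takeown followed by cacls/icacls) does for you."""
    if access_check(dacl, token, {"DELETE"})[0]:
        return ["delete"]
    if access_check(dacl, token, {"WRITE_DAC"})[0]:
        return ["rewrite DACL (WRITE_DAC)", "delete"]
    if not take_ownership_priv:
        return []                       # nothing short of SYSTEM or a privileged context
    return ["take ownership (SeTakeOwnershipPrivilege)", "rewrite DACL as owner", "delete"]


if __name__ == "__main__":
    for label, dump in (("after Unlock", AFTER_DUMP), ("constructed before", BEFORE_DUMP)):
        d = parse_dump(dump)
        print(label, access_check(d, NICK_TOKEN, {"DELETE"}), unlock_plan(d, NICK_TOKEN, True))
```

Two points the model makes visible. First, the fix GrantPerms applied is "Everyone FULL ALLOW (I)", which is broader than it needed to be (BUILTIN\Administrators FULL would have sufficed); acceptable for a folder about to be deleted, not something to leave on a folder you keep. Second, a DENY ACE on Everyone applies to administrators too; what an administrator keeps regardless of the DACL is SeTakeOwnershipPrivilege, and that, not group membership, is the path back in.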


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
