
svchost.exe problem



I have a problem on one of my user accounts where svchost.exe presents problems to me when I am trying to work. It doesn't allow me to open programs, it disables Windows Audio, it changes my theme, etc. I am on my Administrator account, and it seems to be running smoothly, but I cannot run off of my Admin account because the settings I use on my personal account took a long time to figure out and get just right, and now I am running with the default. While on my infected account, Malwarebytes gives me a popup that a malicious website (an IP address) is being blocked. I am running both Malwarebytes Pro and AVG Internet Security 2011, and neither of them found anything. Please help!

I am running Windows XP, SP3.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


See if you can run TDSSKiller from the good account:

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

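The reply above asks for the TDSSKiller log and spells out which flagged entries to Skip and which to Cure. Here is an added Python example (not code from the thread or from Kaspersky's tool) that parses lines in the log's layout, pairs each "[ MD5 ] name path" line with its "name - status" line, and applies those Skip/Cure rules; the sample log, its hashes and the "Rootkit.Boot.Example" verdict are constructed placeholders.

```python
"""Parser for TDSSKiller-style log lines, with the triage rules from the reply above.

Added example: this is not code from the forum thread or from Kaspersky's tool.
It assumes the line layout TDSSKiller writes: "<time> <pid> [ <MD5> ] <name> <path>"
for each scanned file, followed by "<time> <pid> <name> - <status>", with a
"( <verdict> )" block before the dash when the scanner flags something.
SAMPLE_LOG is constructed for this example; its hashes and the "Rootkit.Boot.Example"
verdict are placeholders, not real indicators.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# "06:57:14.0201 4980 [ <32 hex chars> ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys"
FILE_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# "06:57:14.0201 4980 ACPI - ok"
# "06:57:20.0107 4980 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning"
STATUS_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<status>\w+)\s*$"
)

# Heuristic verdicts the reply above says to Skip rather than Cure.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic", "TDSS File System"}


@dataclass
class Entry:
    name: str
    status: str                    # "ok", "warning", "infected", ... as the scanner wrote it
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_log(text: str) -> list[Entry]:
    """Pair each "[ MD5 ] name path" line with the "name - status" line that follows it."""
    entries: list[Entry] = []
    pending = {}  # name -> (md5, path) seen on a file line, awaiting its status line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = STATUS_LINE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["status"].lower(), m["verdict"], md5, path))
    return entries


def triage(entry: Entry) -> str:
    """Map a log entry to the action the reply above recommends: ok, skip or cure."""
    if entry.status == "ok":
        return "ok"
    if entry.verdict in SKIP_VERDICTS:
        return "skip"  # unsigned/locked-file heuristic, or the DR0 "TDSS File System" entry
    return "cure"      # a real detection: Cure (default) and reboot, never Delete unless told to


def needs_attention(entries: list[Entry]) -> list[Entry]:
    """Everything the scanner did not mark ok, in log order."""
    return [e for e in entries if e.status != "ok"]


def summarize(entries: list[Entry]) -> dict[str, int]:
    counts = {"ok": 0, "skip": 0, "cure": 0}
    for e in entries:
        counts[triage(e)] += 1
    return counts


# Constructed sample in the TDSSKiller layout; hashes and the rootkit verdict are placeholders.
SAMPLE_LOG = r"""
06:57:13.0623 4980 Scan started
06:57:13.0623 4980 Mode: Manual;
06:57:14.0014 4980 ================ Scan system memory ========================
06:57:14.0014 4980 System memory - ok
06:57:14.0014 4980 ================ Scan services =============================
06:57:14.0076 4980 Abiosdsk - ok
06:57:14.0201 4980 [ 0123456789ABCDEF0123456789ABCDEF ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:57:14.0201 4980 ACPI - ok
06:57:14.0514 4980 [ FEDCBA9876543210FEDCBA9876543210 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
06:57:14.0529 4980 Adobe Version Cue CS3 - ok
06:57:20.0107 4980 [ 11111111111111111111111111111111 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
06:57:20.0107 4980 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
06:57:25.0000 4980 [ 22222222222222222222222222222222 ] examplesvc C:\WINDOWS\system32\drivers\examplesvc.sys
06:57:25.0000 4980 examplesvc ( Rootkit.Boot.Example ) - infected
06:57:30.0000 4980 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(summarize(found))
    for e in needs_attention(found):
        print(f"{triage(e):5} {e.name}  verdict={e.verdict}  md5={e.md5}  path={e.path}")
```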

I had one entry like this: \Device\Harddisk0\DR0 ( TDSS File System ) that I accidentally cured, just for an FYI.


06:57:20.0451 4980 motandroidusb - ok

06:57:20.0467 4980 [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys

06:57:20.0467 4980 motccgp - ok

06:57:20.0482 4980 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

06:57:20.0482 4980 motccgpfl - ok

06:57:20.0482 4980 [ E190ED75BCC7928143F8F2AF4C34D91D ] MotDev C:\WINDOWS\system32\DRIVERS\motodrv.sys

06:57:20.0482 4980 MotDev - ok

06:57:20.0482 4980 [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys

06:57:20.0482 4980 motmodem - ok

06:57:20.0529 4980 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

06:57:20.0529 4980 MotoHelper - ok

06:57:20.0529 4980 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\WINDOWS\system32\DRIVERS\motswch.sys

06:57:20.0545 4980 MotoSwitchService - ok

06:57:20.0545 4980 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\WINDOWS\system32\DRIVERS\Motousbnet.sys

06:57:20.0545 4980 Motousbnet - ok

06:57:20.0545 4980 [ F18898D418F43E74A93EDC57E1F28BC9 ] motusbdevice C:\WINDOWS\system32\DRIVERS\motusbdevice.sys

06:57:20.0560 4980 motusbdevice - ok

06:57:20.0576 4980 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

06:57:20.0592 4980 Mouclass - ok

06:57:20.0607 4980 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

06:57:20.0623 4980 mouhid - ok

06:57:20.0623 4980 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

06:57:20.0623 4980 MountMgr - ok

06:57:20.0670 4980 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

06:57:20.0685 4980 MozillaMaintenance - ok

06:57:20.0717 4980 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys

06:57:20.0717 4980 MPE - ok

06:57:20.0764 4980 MpKsl3a0e0eb8 - ok

06:57:20.0779 4980 MpKsl7b927d71 - ok

06:57:20.0779 4980 MpKslfa3aceb7 - ok

06:57:20.0779 4980 mraid35x - ok

06:57:20.0779 4980 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

06:57:20.0779 4980 MRxDAV - ok

06:57:20.0826 4980 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

06:57:20.0842 4980 MRxSmb - ok

06:57:20.0857 4980 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

06:57:20.0857 4980 MSDTC - ok

06:57:20.0857 4980 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

06:57:20.0857 4980 Msfs - ok

06:57:20.0857 4980 MSIServer - ok

06:57:20.0873 4980 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

06:57:20.0873 4980 MSKSSRV - ok

06:57:20.0889 4980 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

06:57:20.0889 4980 MSPCLOCK - ok

06:57:20.0889 4980 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

06:57:20.0889 4980 MSPQM - ok

06:57:20.0920 4980 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

06:57:20.0920 4980 mssmbios - ok

06:57:21.0014 4980 MSSQL$MSSMLBIZ - ok

06:57:21.0060 4980 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

06:57:21.0060 4980 MSSQLServerADHelper - ok

06:57:21.0076 4980 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

06:57:21.0076 4980 MSTEE - ok

06:57:21.0107 4980 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

06:57:21.0123 4980 Mup - ok

06:57:21.0139 4980 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

06:57:21.0139 4980 NABTSFEC - ok

06:57:21.0170 4980 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

06:57:21.0170 4980 napagent - ok

06:57:21.0201 4980 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

06:57:21.0217 4980 NDIS - ok

06:57:21.0232 4980 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

06:57:21.0232 4980 NdisIP - ok

06:57:21.0264 4980 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

06:57:21.0279 4980 NdisTapi - ok

06:57:21.0295 4980 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

06:57:21.0310 4980 Ndisuio - ok

06:57:21.0326 4980 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

06:57:21.0326 4980 NdisWan - ok

06:57:21.0342 4980 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

06:57:21.0357 4980 NDProxy - ok

06:57:21.0389 4980 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

06:57:21.0404 4980 Net Driver HPZ12 - ok

06:57:21.0420 4980 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

06:57:21.0420 4980 NetBIOS - ok

06:57:21.0451 4980 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

06:57:21.0451 4980 NetBT - ok

06:57:21.0482 4980 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

06:57:21.0482 4980 NetDDE - ok

06:57:21.0498 4980 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

06:57:21.0498 4980 NetDDEdsdm - ok

06:57:21.0529 4980 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

06:57:21.0529 4980 Netlogon - ok

06:57:21.0576 4980 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

06:57:21.0576 4980 Netman - ok

06:57:21.0607 4980 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

06:57:21.0623 4980 NetTcpPortSharing - ok

06:57:21.0654 4980 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

06:57:21.0654 4980 Nla - ok

06:57:21.0685 4980 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys

06:57:21.0685 4980 nm - ok

06:57:21.0717 4980 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys

06:57:21.0717 4980 NPF - ok

06:57:21.0732 4980 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

06:57:21.0732 4980 Npfs - ok

06:57:21.0748 4980 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

06:57:21.0748 4980 Ntfs - ok

06:57:21.0748 4980 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

06:57:21.0748 4980 NtLmSsp - ok

06:57:21.0795 4980 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

06:57:21.0795 4980 NtmsSvc - ok

06:57:21.0810 4980 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

06:57:21.0826 4980 Null - ok

06:57:21.0842 4980 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

06:57:21.0857 4980 NwlnkFlt - ok

06:57:21.0857 4980 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

06:57:21.0857 4980 NwlnkFwd - ok

06:57:21.0920 4980 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

06:57:21.0920 4980 odserv - ok

06:57:21.0920 4980 OMCI - ok

06:57:21.0967 4980 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

06:57:21.0967 4980 ose - ok

06:57:21.0982 4980 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

06:57:21.0982 4980 Parport - ok

06:57:22.0029 4980 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

06:57:22.0029 4980 PartMgr - ok

06:57:22.0060 4980 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

06:57:22.0076 4980 ParVdm - ok

06:57:22.0092 4980 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

06:57:22.0092 4980 PCI - ok

06:57:22.0092 4980 PCIDump - ok

06:57:22.0092 4980 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

06:57:22.0107 4980 PCIIde - ok

06:57:22.0123 4980 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

06:57:22.0123 4980 Pcmcia - ok

06:57:22.0123 4980 PDCOMP - ok

06:57:22.0123 4980 PDFRAME - ok

06:57:22.0123 4980 PDRELI - ok

06:57:22.0123 4980 PDRFRAME - ok

06:57:22.0139 4980 perc2 - ok

06:57:22.0139 4980 perc2hib - ok

06:57:22.0154 4980 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

06:57:22.0154 4980 PlugPlay - ok

06:57:22.0248 4980 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

06:57:22.0264 4980 Pml Driver HPZ12 - ok

06:57:22.0264 4980 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

06:57:22.0264 4980 PolicyAgent - ok

06:57:22.0264 4980 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

06:57:22.0264 4980 PptpMiniport - ok

06:57:22.0279 4980 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

06:57:22.0279 4980 ProtectedStorage - ok

06:57:22.0279 4980 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

06:57:22.0279 4980 PSched - ok

06:57:22.0310 4980 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

06:57:22.0326 4980 PSI_SVC_2 - ok

06:57:22.0326 4980 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

06:57:22.0326 4980 Ptilink - ok

06:57:22.0342 4980 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

06:57:22.0357 4980 PxHelp20 - ok

06:57:22.0373 4980 [ 90849934D37133E069F31F3E9A66C9BC ] QCEmerald C:\WINDOWS\system32\DRIVERS\OVCE.sys

06:57:22.0389 4980 QCEmerald - ok

06:57:22.0389 4980 ql1080 - ok

06:57:22.0389 4980 Ql10wnt - ok

06:57:22.0389 4980 ql12160 - ok

06:57:22.0389 4980 ql1240 - ok

06:57:22.0389 4980 ql1280 - ok

06:57:22.0404 4980 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

06:57:22.0404 4980 RasAcd - ok

06:57:22.0451 4980 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

06:57:22.0467 4980 RasAuto - ok

06:57:22.0482 4980 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

06:57:22.0482 4980 Rasl2tp - ok

06:57:22.0529 4980 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

06:57:22.0529 4980 RasMan - ok

06:57:22.0529 4980 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

06:57:22.0529 4980 RasPppoe - ok

06:57:22.0545 4980 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

06:57:22.0545 4980 Raspti - ok

06:57:22.0560 4980 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

06:57:22.0560 4980 Rdbss - ok

06:57:22.0576 4980 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

06:57:22.0576 4980 RDPCDD - ok

06:57:22.0592 4980 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

06:57:22.0592 4980 rdpdr - ok

06:57:22.0623 4980 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

06:57:22.0639 4980 RDPWD - ok

06:57:22.0670 4980 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

06:57:22.0670 4980 RDSessMgr - ok

06:57:22.0717 4980 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

06:57:22.0717 4980 redbook - ok

06:57:22.0748 4980 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

06:57:22.0748 4980 RemoteAccess - ok

06:57:22.0779 4980 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

06:57:22.0779 4980 RemoteRegistry - ok

06:57:22.0826 4980 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

06:57:22.0842 4980 rpcapd - ok

06:57:22.0842 4980 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

06:57:22.0857 4980 RpcLocator - ok

06:57:22.0873 4980 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

06:57:22.0873 4980 RpcSs - ok

06:57:22.0889 4980 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

06:57:22.0904 4980 RSVP - ok

06:57:22.0920 4980 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

06:57:22.0920 4980 SamSs - ok

06:57:22.0935 4980 [ F5A633609777C212EC5FF19927FC5955 ] ScanUSBEMPIA C:\WINDOWS\system32\DRIVERS\emScan.sys

06:57:22.0935 4980 ScanUSBEMPIA - ok

06:57:22.0935 4980 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

06:57:22.0951 4980 SCardSvr - ok

06:57:22.0982 4980 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

06:57:22.0982 4980 Schedule - ok

06:57:23.0014 4980 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

06:57:23.0029 4980 Secdrv - ok

06:57:23.0045 4980 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

06:57:23.0045 4980 seclogon - ok

06:57:23.0092 4980 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys

06:57:23.0092 4980 SenFiltService - ok

06:57:23.0123 4980 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

06:57:23.0123 4980 SENS - ok

06:57:23.0154 4980 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

06:57:23.0154 4980 Serenum - ok

06:57:23.0170 4980 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

06:57:23.0170 4980 Serial - ok

06:57:23.0201 4980 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

06:57:23.0201 4980 Sfloppy - ok

06:57:23.0248 4980 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

06:57:23.0264 4980 SharedAccess - ok

06:57:23.0310 4980 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

06:57:23.0310 4980 ShellHWDetection - ok

06:57:23.0310 4980 Simbad - ok

06:57:23.0389 4980 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

06:57:23.0389 4980 SkypeUpdate - ok

06:57:23.0435 4980 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

06:57:23.0435 4980 SLIP - ok

06:57:23.0482 4980 [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys

06:57:23.0482 4980 snapman - ok

06:57:23.0482 4980 Sparrow - ok

06:57:23.0514 4980 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

06:57:23.0514 4980 splitter - ok

06:57:23.0545 4980 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

06:57:23.0560 4980 Spooler - ok

06:57:23.0560 4980 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

06:57:23.0576 4980 SQLBrowser - ok

06:57:23.0607 4980 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

06:57:23.0607 4980 SQLWriter - ok

06:57:23.0623 4980 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

06:57:23.0623 4980 sr - ok

06:57:23.0654 4980 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

06:57:23.0670 4980 srservice - ok

06:57:23.0685 4980 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

06:57:23.0701 4980 Srv - ok

06:57:23.0732 4980 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

06:57:23.0732 4980 SSDPSRV - ok

06:57:23.0748 4980 Steam Client Service - ok

06:57:23.0764 4980 [ 352B663A81402BE7CD7BD4EA27C9998C ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

06:57:23.0779 4980 STHDA - ok

06:57:23.0810 4980 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

06:57:23.0810 4980 StillCam - ok

06:57:23.0826 4980 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

06:57:23.0842 4980 stisvc - ok

06:57:23.0857 4980 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

06:57:23.0857 4980 streamip - ok

06:57:23.0904 4980 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

06:57:23.0904 4980 swenum - ok

06:57:24.0060 4980 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

06:57:24.0060 4980 SwitchBoard - ok

06:57:24.0107 4980 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

06:57:24.0107 4980 swmidi - ok

06:57:24.0107 4980 SwPrv - ok

06:57:24.0107 4980 symc810 - ok

06:57:24.0107 4980 symc8xx - ok

06:57:24.0107 4980 sym_hi - ok

06:57:24.0123 4980 sym_u3 - ok

06:57:24.0170 4980 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

06:57:24.0170 4980 sysaudio - ok

06:57:24.0185 4980 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

06:57:24.0185 4980 SysmonLog - ok

06:57:24.0201 4980 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

06:57:24.0201 4980 TapiSrv - ok

06:57:24.0248 4980 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:57:24.0248 4980 Tcpip - ok

06:57:24.0279 4980 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

06:57:24.0279 4980 TDPIPE - ok

06:57:24.0310 4980 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\WINDOWS\system32\DRIVERS\tdrpm273.sys

06:57:24.0326 4980 tdrpman273 - ok

06:57:24.0342 4980 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

06:57:24.0342 4980 TDTCP - ok

06:57:24.0357 4980 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

06:57:24.0357 4980 TermDD - ok

06:57:24.0389 4980 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

06:57:24.0389 4980 TermService - ok

06:57:24.0420 4980 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

06:57:24.0420 4980 Themes - ok

06:57:24.0451 4980 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys

06:57:24.0467 4980 timounter - ok

06:57:24.0498 4980 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

06:57:24.0514 4980 TlntSvr - ok

06:57:24.0514 4980 TosIde - ok

06:57:24.0529 4980 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

06:57:24.0529 4980 TrkWks - ok

06:57:24.0560 4980 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys

06:57:24.0576 4980 TrueSight - ok

06:57:24.0592 4980 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

06:57:24.0592 4980 Udfs - ok

06:57:24.0592 4980 ultra - ok

06:57:24.0654 4980 [ 641572746179865BA2AFD8FE2987541A ] UNS C:\Program Files\Intel\AMT\UNS.exe

06:57:24.0685 4980 UNS - ok

06:57:24.0732 4980 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

06:57:24.0732 4980 Update - ok

06:57:24.0764 4980 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

06:57:24.0764 4980 upnphost - ok

06:57:24.0779 4980 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

06:57:24.0779 4980 UPS - ok

06:57:24.0826 4980 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

06:57:24.0842 4980 USBAAPL - ok

06:57:24.0873 4980 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

06:57:24.0873 4980 usbaudio - ok

06:57:24.0920 4980 [ 3EBB87E9839606662E0C3B91B553DBF7 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

06:57:24.0920 4980 usbbus - ok

06:57:24.0935 4980 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:57:24.0935 4980 usbccgp - ok

06:57:24.0967 4980 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:57:24.0967 4980 usbehci - ok

06:57:25.0014 4980 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:57:25.0014 4980 usbhub - ok

06:57:25.0029 4980 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

06:57:25.0045 4980 usbprint - ok

06:57:25.0060 4980 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:57:25.0060 4980 usbscan - ok

06:57:25.0092 4980 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:57:25.0092 4980 USBSTOR - ok

06:57:25.0107 4980 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:57:25.0107 4980 usbuhci - ok

06:57:25.0123 4980 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

06:57:25.0123 4980 VgaSave - ok

06:57:25.0123 4980 ViaIde - ok

06:57:25.0170 4980 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

06:57:25.0170 4980 VolSnap - ok

06:57:25.0232 4980 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

06:57:25.0248 4980 VSS - ok

06:57:25.0373 4980 [ 5FA45791413ACCE628D5361458F32DDE ] vToolbarUpdater11.1.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

06:57:25.0373 4980 vToolbarUpdater11.1.0 - ok

06:57:25.0389 4980 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

06:57:25.0389 4980 W32Time - ok

06:57:25.0404 4980 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:57:25.0404 4980 Wanarp - ok

06:57:25.0451 4980 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

06:57:25.0467 4980 Wdf01000 - ok

06:57:25.0467 4980 WDICA - ok

06:57:25.0498 4980 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

06:57:25.0498 4980 wdmaud - ok

06:57:25.0529 4980 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

06:57:25.0545 4980 WebClient - ok

06:57:25.0607 4980 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

06:57:25.0607 4980 winmgmt - ok

06:57:25.0639 4980 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys

06:57:25.0654 4980 WinUSB - ok

06:57:25.0670 4980 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

06:57:25.0685 4980 WmdmPmSN - ok

06:57:25.0717 4980 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

06:57:25.0717 4980 Wmi - ok

06:57:25.0732 4980 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

06:57:25.0732 4980 WmiApSrv - ok

06:57:25.0795 4980 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

06:57:25.0810 4980 WMPNetworkSvc - ok

06:57:25.0826 4980 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

06:57:25.0826 4980 WpdUsb - ok

06:57:25.0904 4980 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

06:57:25.0920 4980 WPFFontCache_v0400 - ok

06:57:25.0951 4980 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

06:57:25.0951 4980 WS2IFSL - ok

06:57:25.0967 4980 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

06:57:25.0967 4980 wscsvc - ok

06:57:25.0982 4980 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

06:57:25.0982 4980 WSTCODEC - ok

06:57:26.0014 4980 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

06:57:26.0029 4980 wuauserv - ok

06:57:26.0060 4980 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:57:26.0060 4980 WudfPf - ok

06:57:26.0076 4980 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:57:26.0076 4980 WudfRd - ok

06:57:26.0107 4980 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

06:57:26.0107 4980 WudfSvc - ok

06:57:26.0154 4980 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

06:57:26.0154 4980 WZCSVC - ok

06:57:26.0170 4980 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

06:57:26.0185 4980 xmlprov - ok

06:57:26.0185 4980 zumbus - ok

06:57:26.0201 4980 ================ Scan global ===============================

06:57:26.0248 4980 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

06:57:26.0326 4980 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:57:26.0357 4980 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

06:57:26.0389 4980 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

06:57:26.0404 4980 [Global] - ok

06:57:26.0404 4980 ================ Scan MBR ==================================

06:57:26.0420 4980 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

06:57:26.0420 4980 Suspicious mbr (Forged): \Device\Harddisk0\DR0

06:57:26.0435 4980 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

06:57:26.0435 4980 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

06:57:26.0435 4980 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

06:57:26.0467 4980 \Device\Harddisk1\DR1 - ok

06:57:26.0467 4980 ================ Scan VBR ==================================

06:57:26.0498 4980 [ 06FF74AF3D5607E277471F6F7A165046 ] \Device\Harddisk0\DR0\Partition1

06:57:26.0498 4980 \Device\Harddisk0\DR0\Partition1 - ok

06:57:26.0498 4980 [ 4DC073B5343C2D48D5B165C328CBA33E ] \Device\Harddisk1\DR1\Partition1

06:57:26.0498 4980 \Device\Harddisk1\DR1\Partition1 - ok

06:57:26.0498 4980 ================ Scan active images ========================

06:57:26.0498 4980 ============================================================

06:57:26.0498 4980 Scan finished

06:57:26.0498 4980 ============================================================

06:57:26.0498 5112 Detected object count: 1

06:57:26.0498 5112 Actual detected object count: 1

06:57:45.0810 5112 \Device\Harddisk0\DR0\# - copied to quarantine

06:57:45.0810 5112 \Device\Harddisk0\DR0 - copied to quarantine

06:57:45.0873 5112 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

06:57:45.0889 5112 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

06:57:45.0889 5112 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

06:57:45.0889 5112 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

06:57:45.0904 5112 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

06:57:45.0920 5112 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

06:57:45.0935 5112 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

06:57:45.0935 5112 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

06:57:45.0935 5112 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

06:57:45.0935 5112 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

06:57:45.0935 5112 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

06:57:45.0951 5112 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

06:57:45.0951 5112 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

06:57:45.0951 5112 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

06:57:45.0967 5112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

06:57:45.0967 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

06:57:45.0967 5112 \Device\Harddisk0\DR0 - ok

06:57:45.0982 5112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

06:57:52.0701 1444 Deinitialize success


Next.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


ComboFix 12-10-14.03 - Administrator 10/14/2012 20:19:04.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3117 [GMT -4:00]

Running from: c:\documents and settings\Administrator\desktop\combofix.exe

Command switches used :: /nombr

AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Mitchell\Application Data\Dyyno

c:\documents and settings\Mitchell\Application Data\Dyyno\dyyno.xml

c:\documents and settings\Mitchell\Application Data\Microsoft\~DFK104b3558.tmp

c:\documents and settings\Mitchell\Application Data\Microsoft\1eaadjc.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\bass.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\engine_vx.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\kfgresk.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\mjcriu.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\peaadje.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\qwadjb.dll

c:\documents and settings\Mitchell\Application Data\Microsoft\rsaadjd.dll

c:\documents and settings\Mitchell\Application Data\Mitchell3SQLite3.dll

c:\program files\WeatherBlinkEI

c:\windows\system32\_000125_.tmp.dll

c:\windows\system32\avgfwdx.dll

c:\windows\system32\Cache

c:\windows\system32\Cache\04f324d6784a7906.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\36c9f3d41cd4909b.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\8eeea9ea0cb60a5f.fb

c:\windows\system32\Cache\a554f9993f17cc04.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\SET29A.tmp

c:\windows\system32\SET29E.tmp

c:\windows\system32\SET2A6.tmp

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))

.

.

2012-10-12 10:57 . 2012-10-12 10:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-11 10:55 . 2012-10-11 10:59 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-10-10 23:51 . 2012-10-10 23:51 -------- d-----w- c:\documents and settings\Administrator\.swt

2012-10-10 23:51 . 2012-10-11 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus

2012-10-10 23:49 . 2012-10-14 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spotify

2012-10-10 23:49 . 2012-10-14 14:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Spotify

2012-09-28 19:50 . 2012-09-28 19:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Publish Providers

2012-09-28 19:49 . 2012-09-28 19:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony

2012-09-28 19:49 . 2012-09-28 19:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sony

2012-09-28 19:00 . 2012-09-28 19:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2012-09-28 10:57 . 2012-09-28 10:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2012-09-27 23:14 . 2012-09-27 23:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft

2012-09-27 23:13 . 2012-09-27 23:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon

2012-09-26 17:13 . 2012-09-26 17:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-09-17 22:55 . 2012-09-17 22:55 -------- d-----w- c:\program files\Uniblue

2012-09-17 22:55 . 2012-09-17 22:55 -------- d-----w- c:\documents and settings\Mitchell\Application Data\Uniblue

2012-09-17 22:24 . 2012-09-17 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2012-09-17 22:17 . 2012-09-17 22:52 -------- d-----w- c:\documents and settings\Mitchell\Application Data\HPAppData

2012-09-17 19:48 . 2012-09-17 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG

2012-09-17 19:47 . 2012-09-17 19:47 -------- d-----w- c:\documents and settings\Mitchell\Local Settings\Application Data\HP

2012-09-17 19:45 . 2012-09-17 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2012-09-17 19:34 . 2012-09-17 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2012-09-17 19:34 . 2012-09-17 19:34 -------- d-----w- c:\windows\hpojp8500a909

2012-09-17 19:28 . 2008-08-12 14:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll

2012-09-17 19:28 . 2008-08-12 14:58 314880 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll

2012-09-17 19:28 . 2008-08-22 12:24 271704 ----a-r- c:\windows\system32\hpzids01.dll

2012-09-17 19:28 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll

2012-09-17 19:28 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll

2012-09-17 19:28 . 2007-07-09 18:13 364544 ----a-r- c:\windows\system32\hppldcoi.dll

2012-09-17 19:28 . 2007-07-06 18:48 294912 ----a-r- c:\windows\system32\hpovst11.dll

2012-09-17 19:28 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2012-09-17 19:26 . 2012-09-17 19:26 -------- d-----w- c:\program files\Common Files\HP

2012-09-17 19:26 . 2012-09-17 19:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2012-09-17 19:26 . 2012-09-17 19:26 -------- d-----w- c:\program files\Hewlett-Packard

2012-09-17 19:25 . 2012-09-17 19:46 -------- d-----w- c:\program files\HP

2012-09-17 19:25 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-07 21:04 . 2012-08-09 03:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33 . 2005-03-30 01:21 2148864 ------w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2005-03-30 01:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe

2012-07-28 16:51 . 2012-04-01 17:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-28 16:51 . 2011-05-25 10:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-09 16:03 . 2011-07-13 00:17 143240 ----a-w- c:\program files\Common Files\ApnStub.exe

2010-01-26 15:11 . 2011-06-12 04:40 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2012-10-12 16:03 . 2012-10-12 16:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 03:40 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\documents and settings\Mitchell\Application Data\Spotify\spotify.exe" [2012-10-11 5576408]

"Spotify Web Helper"="c:\documents and settings\Mitchell\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-10-11 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]

"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-03-30 13:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 03:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]

2009-09-18 08:24 615808 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dxtory Update Checker 2.0]

2010-10-17 19:08 93696 ----a-w- c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]

2011-08-16 14:27 484864 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-09-07 21:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]

2006-10-05 18:26 46664 ----a-w- c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-05-08 13:28 1015808 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-03-07 00:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-07-08 04:13 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\MP3 Skype Recorder\\MP3 Skype Recorder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\UltraVNC\\winvnc.exe"=

"c:\\Program Files\\UltraVNC\\vncviewer.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Adobe\\Adobe Flash Builder 4.5\\FlashBuilder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Documents and Settings\\Mitchell\\Application Data\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"57826:TCP"= 57826:TCP:Pando Media Booster

"57826:UDP"= 57826:UDP:Pando Media Booster

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.5

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [7/14/2012 5:16 PM 752128]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]

S1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [1/14/2011 7:47 PM 127744]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [7/23/2012 5:19 PM 22312]

S1 MpKsl3a0e0eb8;MpKsl3a0e0eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKsl3a0e0eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKsl3a0e0eb8.sys [?]

S1 MpKsl7b927d71;MpKsl7b927d71;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKsl7b927d71.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKsl7b927d71.sys [?]

S1 MpKslfa3aceb7;MpKslfa3aceb7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKslfa3aceb7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E043163-B476-42BC-A1F1-9DFD408B8117}\MpKslfa3aceb7.sys [?]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [7/14/2012 5:16 PM 3246040]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 4:02 PM 7391072]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:49 PM 399432]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/8/2012 11:21 PM 676936]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 3:35 PM 227184]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [7/16/2012 6:17 PM 2519040]

S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [6/12/2012 11:18 AM 935480]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 1:53 PM 250056]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [7/14/2012 5:16 PM 167968]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2/15/2012 4:33 PM 16640]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/16/2011 8:04 PM 167264]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/17/2011 12:22 PM 6016]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [1/14/2011 7:42 PM 157568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/8/2012 11:21 PM 22856]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [7/17/2011 12:22 PM 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/17/2011 12:22 PM 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/17/2011 12:22 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/17/2011 12:22 PM 42752]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/17/2011 12:22 PM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [7/17/2011 12:22 PM 11008]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/30/2012 6:50 AM 115168]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [4/25/2011 4:11 PM 31872]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:51]

.

2012-10-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-GROSSWORLD-mitchell.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-31 13:46]

.

2012-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-10-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-07 00:25]

.

2012-10-11 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2012-10-13 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2012-10-11 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2012-10-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3637815973-1601523947-386142109-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]

.

2012-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3637815973-1601523947-386142109-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]

.

2012-09-17 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-09-17 05:46]

.

2012-10-14 c:\windows\Tasks\User_Feed_Synchronization-{A2C3F026-9CFC-43B2-B473-D27BBD1CA5C4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2012-10-14 c:\windows\Tasks\User_Feed_Synchronization-{B60D6635-9980-4412-A0BD-2693AA264B9E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

2012-10-14 c:\windows\Tasks\User_Feed_Synchronization-{ED30FEFF-4872-4D40-BEA0-67E7529D8940}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E0B61605-2928-42B2-B9B9-6CA3C1307154}: NameServer = 68.94.1.56,68.94.157.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i72u2tzg.default\

FF - ExtSQL: 2012-09-17 14:53; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG10\Firefox4

FF - ExtSQL: 2012-09-17 15:46; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-80757594.sys

SafeBoot-89117365.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-14 20:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-725345543-507921405-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,a5,91,8b,7f,a8,bf,48,87,d3,b5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,a5,91,8b,7f,a8,bf,48,87,d3,b5,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0a\00\17\10\076»"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1268)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-10-14 20:41:14

ComboFix-quarantined-files.txt 2012-10-15 00:41

.

Pre-Run: 379,329,753,088 bytes free

Post-Run: 381,055,553,536 bytes free

.

- - End Of File - - 9D17B07F4B2BED2C9F9D3E5ECD06F98C

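The ComboFix log above has the items a responder reads first scattered across several sections: the firewall policy shows EnableFirewall = 0, the GloballyOpenPorts list opens 3389 (RDP) and 5900/5800 (VNC), a Run value launches from a user profile directory, and the Other Deletions list contains DLLs with random-looking names under Application Data\Microsoft plus a .tmp.dll in system32. The following is an added example of a small triage parser for that log format; it is not part of this thread and not ComboFix's own code. SAMPLE_LOG is constructed from lines of the posted log, and the rule names, the profile-directory list and the remote-access port table are this example's own choices.

```python
"""Triage helper for ComboFix-style logs.

Added example: not part of this thread and not ComboFix's own code. It
parses the section layout of the posted log and flags the Windows Firewall
policy, globally open remote-access ports, Run values launched from a user
profile, and executables under a user profile or with a double extension.
SAMPLE_LOG is constructed from lines of the posted log; the rules are mine.
"""
import re
from typing import Dict, List, NamedTuple

SAMPLE_LOG = "\n".join([
    r"(((((((((((((((( Other Deletions ))))))))))))))))",
    r"c:\documents and settings\Mitchell\Application Data\Microsoft\1eaadjc.dll",
    r"c:\documents and settings\Mitchell\Application Data\Microsoft\bass.dll",
    r"c:\documents and settings\Mitchell\Application Data\Microsoft\kfgresk.dll",
    r"c:\program files\WeatherBlinkEI",
    r"c:\windows\system32\_000125_.tmp.dll",
    r"(((((((((( Files Created from 2012-09-15 to 2012-10-15 ))))))))))",
    r"2012-10-11 10:55 . 2012-10-11 10:59 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys",
    r"2012-10-10 23:51 . 2012-10-11 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus",
    r"(((((((((((((((( Reg Loading Points ))))))))))))))))",
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Spotify"="c:\documents and settings\Mitchell\Application Data\Spotify\spotify.exe" [2012-10-11 5576408]',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]",
    r'"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
    r'"5900:TCP"= 5900:TCP:vnc5900',
    r'"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.5',
])

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "created . modified size attrs path" rows of the Files Created / Find3M sections
ROW_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\.\s+\d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S+)\s+(.+)$")
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\")
EXEC_EXT = (".dll", ".exe", ".sys", ".cpl")
REMOTE_ACCESS_PORTS = {"3389:TCP": "RDP", "5900:TCP": "VNC", "5800:TCP": "VNC web"}


class Finding(NamedTuple):
    severity: str  # "high" or "review"
    rule: str
    detail: str


def parse_log(text: str) -> Dict[str, list]:
    """Group the log by section: file sections yield path strings, registry
    sections yield (key, value name, data) triples; directory rows are skipped."""
    sections: Dict[str, list] = {}
    current, key = "preamble", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        bucket = sections.setdefault(current, [])
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := ROW_RE.match(line):
            attrs, path = m.groups()
            if not attrs.startswith("d"):
                bucket.append(path)
        elif line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            data = data.strip()
            if data.startswith('"'):  # quoted image path followed by [date size]
                data = data[1:data.index('"', 1)]
            bucket.append((key, name.strip().strip('"'), data))
        elif line[1:3] == ":\\":  # bare path in a deletions list
            bucket.append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Apply the review rules to every parsed item and return the findings."""
    findings: List[Finding] = []
    for section, items in parse_log(text).items():
        for item in items:
            if isinstance(item, str):  # a file path
                name = item.lower().rsplit("\\", 1)[-1]
                if name.endswith(EXEC_EXT) and any(d in item.lower() for d in PROFILE_DIRS):
                    findings.append(Finding("review", "exec-in-profile", f"{section}: {item}"))
                if name.endswith(EXEC_EXT) and name.count(".") >= 2:
                    findings.append(Finding("review", "double-extension", f"{section}: {item}"))
                continue
            key, name, data = item
            klow = key.lower()
            if klow.endswith("\\currentversion\\run") and any(d in data.lower() for d in PROFILE_DIRS):
                findings.append(Finding("review", "run-from-profile", f"{key}\\{name} -> {data}"))
            elif klow.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
                findings.append(Finding("high", "firewall-disabled", key))
            elif klow.endswith("globallyopenports\\list") and name.upper() in REMOTE_ACCESS_PORTS:
                svc = REMOTE_ACCESS_PORTS[name.upper()]
                findings.append(Finding("high", "remote-access-port-open", f"{name} ({svc}): {data}"))
    return findings
```

Run triage() over the full text of a ComboFix.txt; every Finding carries the section or registry key it came from so it can be matched back to the log. The "review" rules are deliberately broad (the Spotify Run value and bass.dll are legitimate here) and are meant to order a human's reading, not to decide on their own.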

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.15.13

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: MITCHELL-DELL [administrator]

Protection: Enabled

10/15/2012 6:48:50 PM

mbam-log-2012-10-15 (18-48-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 318390

Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, let me know.......also:

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Results of screen317's Security Check version 0.99.51

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Please wait while WMIC compiles updated MOF files.

displayName

AVG Internet Security 201

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

Java DB 10.5.3.0

Java 6 Update 31

Java SE Development Kit 6 Update 23

Java version out of Date!

Adobe Flash Player 11.3.300.268

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (16.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Java™ 6 Update 31 <---please uninstall from add/remove programs

Java™ SE Development Kit 6 Update 23 <---please uninstall from add/remove programs

Java version out of Date! <---download and install the latest version from Here

Adobe Reader X 10.1.3 Adobe Reader out of Date! <----please update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little cleanup to do...

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

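An added example, not from this thread or from the Security Check tool itself: a small Python helper that pulls the findings MrC calls out from a Security Check log (firewall off, on-access scanning off, "out of Date!" software, drive fragmentation) so the triage of such a log is mechanical rather than read by eye. The sample log is a constructed abbreviation of the one posted above.

```python
import re

# Constructed sample in the screen317 Security Check format seen in this
# thread; abbreviated to the lines the parser acts on.
SAMPLE_LOG = """\
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 31
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
"""

OUTDATED_MARK = "out of Date!"


def parse_security_check(text):
    """Return the actionable findings from a Security Check log as a dict."""
    findings = {"firewall_disabled": False, "on_access_disabled": False,
                "outdated": [], "fragmentation_pct": None}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Windows Firewall Disabled!":
            findings["firewall_disabled"] = True
        elif "On Access scanning disabled!" in line:
            findings["on_access_disabled"] = True
        elif line.endswith(OUTDATED_MARK):
            # keep the flagged product text, e.g. "Java version"
            findings["outdated"].append(line[:-len(OUTDATED_MARK)].strip())
        # the tool prints the drive as "C::" (double colon), so accept ":+"
        m = re.match(r"Total Fragmentation on Drive (\w+):+ (\d+)%", line)
        if m:
            findings["fragmentation_pct"] = int(m.group(2))
    return findings


def triage(findings):
    """Turn parsed findings into the short to-do list a helper would post."""
    issues = []
    if findings["firewall_disabled"]:
        issues.append("Windows Firewall is off")
    if findings["on_access_disabled"]:
        issues.append("antivirus real-time (on-access) scanning is off")
    for item in findings["outdated"]:
        issues.append(f"outdated software: {item}")
    if findings["fragmentation_pct"] is not None:
        issues.append(f"drive fragmentation {findings['fragmentation_pct']}%")
    return issues
```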

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

