virus.win32.zaccess.k


  • This topic is locked
21 replies to this topic

#1 j ryan

j ryan

  • Members
  • 11 posts

Posted 04 April 2012 - 06:46 PM

ComboFix states that I have a Zero Access Rootkit infection, TDSS Killer lists the infection as virus.win32.zaccess.k. Have followed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". DDS and GMER logs are below. Have so far been unable to remove the infection.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by User 1 at 0:32:48 on 2012-04-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.305 [GMT 10:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: select2perform.com.au
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com.au/cabs/QOLCheck.ocx
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3184E631-7FE7-4CB3-99A6-2EFF93589070} : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user 1\application data\mozilla\firefox\profiles\397mz4yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61333
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-6 243024]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-4 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-4 20464]
S0 yewucpc;yewucpc;c:\windows\system32\drivers\vojkivq.sys --> c:\windows\system32\drivers\vojkivq.sys [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2012-04-04 13:58:46 -------- d-----w- c:\program files\SpywareBlaster
2012-04-04 13:43:10 -------- d-----w- c:\documents and settings\user 1\application data\WinPatrol
2012-04-04 13:43:05 -------- d-----w- c:\program files\BillP Studios
2012-04-04 13:43:05 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-04-04 13:38:49 -------- d-----w- c:\program files\CCleaner
2012-04-04 12:42:34 388096 ----a-r- c:\documents and settings\user 1\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-04 12:42:33 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:39:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 12:39:40 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-04-04 12:39:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 12:08:05 98816 ----a-w- c:\windows\sed.exe
2012-04-04 12:08:05 518144 ----a-w- c:\windows\SWREG.exe
2012-04-04 12:08:05 256000 ----a-w- c:\windows\PEV.exe
2012-04-04 12:08:05 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 11:55:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 21:09:44 -------- d-----w- c:\program files\TimeLineRemove
2012-03-13 07:43:52 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-02-15 00:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-04 01:18:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2005-03-31 12:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 0:33:36.32 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 09:08:50
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3250310AS rev.3.AAC
Running: iw8tdboi.exe; Driver: C:\DOCUME~1\USER1~1\LOCALS~1\Temp\pxtdypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys F7316852 5 Bytes JMP A9CEC9E8 \??\C:\DOCUME~1\USER1~1\LOCALS~1\Temp\aswMBR.sys
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6140000, 0x220617, 0xE8000020]
? C:\DOCUME~1\USER1~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\DOCUME~1\USER1~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\00000608 \GLOBAL??\e67fbcdd 85A50880

---- EOF - GMER 1.0.15 ----



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 10 April 2012 - 11:01 AM

Hello j ryan,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

====================================================================================


I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

====================================================================================

I'd also like you to post the Combofix.txt file (stored in C:\) and the TDSSKiller log which was produced.

=====================================================================================


In your next reply, please copy/paste the contents of the following:
  • aswMBR Log
  • OTL.txt
  • Extra.txt
  • C:\Combofix.txt
  • TDSSKiller.Log


What symptoms do you currently have?
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#3 j ryan

j ryan
  • Topic Starter

  • Members
  • 11 posts

Posted 13 April 2012 - 04:02 PM

Hi Ratman,

I don't feel like the computer has a lot of symptoms of a virus at the moment, but I think this is because most of it seems to have been removed already. There definitely still seem to be traces in a system file, avgtdix.sys, which is a bit of a worry. Here are those logs...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 05:25:56
-----------------------------
05:25:56.515 OS Version: Windows 5.1.2600 Service Pack 3
05:25:56.515 Number of processors: 2 586 0x6B02
05:25:56.515 ComputerName: JD UserName:
05:25:57.968 Initialize success
05:26:11.828 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
05:26:11.828 Disk 0 Vendor: WDC_WD2000JB-00GVC0 08.02D08 Size: 190781MB BusType: 3
05:26:11.828 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
05:26:11.828 Disk 1 Vendor: ST3250310AS 3.AAC Size: 238474MB BusType: 3
05:26:11.859 Disk 1 MBR read successfully
05:26:11.859 Disk 1 MBR scan
05:26:11.859 Disk 1 Windows XP default MBR code
05:26:11.859 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
05:26:11.859 Disk 1 scanning sectors +488376000
05:26:11.984 Disk 1 scanning C:\WINDOWS\system32\drivers
05:26:19.296 Service scanning
05:26:32.828 Modules scanning
05:26:41.531 Disk 1 trace - called modules:
05:26:41.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
05:26:41.546 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a6eaab8]
05:26:41.546 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a6ed9e8]
05:26:41.546 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a6de940]
05:26:41.546 Scan finished successfully
05:27:55.640 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\User 1\Desktop\MBR.dat"
05:27:55.640 The log file has been saved successfully to "C:\Documents and Settings\User 1\Desktop\aswMBR.txt"

OTL logfile created on: 14/04/2012 5:32:14 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\User 1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.60% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 151.32 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 135.86 Gb Free Space | 72.92% Space Free | Partition Type: NTFS

Computer Name: JD | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 05:31:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
PRC - [2012/04/04 21:40:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User 1\Desktop\aswMBR.exe
PRC - [2012/03/26 04:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 13:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/12 10:03:40 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/04 01:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/15 11:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/04/14 10:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 10:03:40 | 000,761,856 | ---- | M] () -- C:\Program Files\ASUS\GamerOSD\ImageTransform.dll
MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/07/12 16:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vojkivq.sys -- (yewucpc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER1~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\USER1~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/17 10:42:29 | 000,243,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 10:41:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 15:16:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/02 14:09:20 | 004,486,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/19 22:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/08 19:02:02 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/09/05 19:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/07/12 10:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/07/12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/07/12 10:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/06/28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/06/28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 06:31:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/04 22:47:08 | 000,000,000 | ---D | M]

[2009/02/19 18:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Extensions
[2012/03/02 08:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\extensions
[2010/12/11 09:09:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/04 22:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/04 22:39:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/04 22:39:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2012/04/04 22:39:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/03/05 07:19:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-2049760794-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-436374069-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-436374069-2049760794-839522115-1004\..Trusted Domains: select2perform.com.au ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com.au/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3184E631-7FE7-4CB3-99A6-2EFF93589070}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - http://l.yimg.com/us.js.yimg.com/lib/pim/r/medici/16_11/mail/mailcommonlib.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 18:35:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/07 14:23:27 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 05:31:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
[2012/04/12 13:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/05 00:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\User 1\Desktop\dds.scr
[2012/04/05 00:09:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\TFC.exe
[2012/04/05 00:07:40 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\User 1\Desktop\FixZeroAccess.exe
[2012/04/04 23:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/04 23:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/04/04 23:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/04/04 23:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Application Data\WinPatrol
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/04/04 23:42:49 | 000,840,264 | ---- | C] (BillP Studios) -- C:\Documents and Settings\User 1\Desktop\wpsetup.exe
[2012/04/04 23:39:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User 1\Recent
[2012/04/04 23:39:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/04 23:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/04/04 23:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/04 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/04 22:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/04 22:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Start Menu\Programs\HiJackThis
[2012/04/04 22:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/04 22:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/04 22:39:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/04 22:39:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/04 22:39:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/04 22:39:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/04 22:39:40 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/04 22:08:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 22:08:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 22:08:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 22:08:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 22:07:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 22:01:52 | 004,455,902 | R--- | C] (Swearware) -- C:\Documents and Settings\User 1\Desktop\ComboFix.exe
[2012/04/04 21:55:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/04 21:53:38 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User 1\Desktop\tdsskiller.exe
[2012/04/04 21:40:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User 1\Desktop\aswMBR.exe
[2012/04/04 15:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Desktop\New Folder (4)
[2012/03/25 07:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\TimeLineRemove
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 05:31:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
[2012/04/14 05:27:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\MBR.dat
[2012/04/14 05:25:44 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-441V6.exe
[2012/04/14 05:25:44 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-441V6.msg
[2012/04/14 05:25:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 05:25:44 | 000,000,479 | ---- | M] () -- C:\WINDOWS\is-441V6.lst
[2012/04/14 05:19:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 05:19:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 14:55:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 14:53:08 | 000,514,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 14:53:08 | 000,086,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 13:59:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 13:25:35 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2012/04/12 13:16:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/05 09:17:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User 1\defogger_reenable
[2012/04/05 00:32:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\User 1\Desktop\dds.scr
[2012/04/05 00:09:53 | 000,980,480 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\MicrosoftFixit50267.msi
[2012/04/05 00:09:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\TFC.exe
[2012/04/05 00:07:46 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\User 1\Desktop\FixZeroAccess.exe
[2012/04/05 00:01:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\iw8tdboi.exe
[2012/04/04 23:58:46 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\SpywareBlaster.lnk
[2012/04/04 23:58:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\User 1\My Documents\y8hcbdeq.exe
[2012/04/04 23:42:56 | 000,840,264 | ---- | M] (BillP Studios) -- C:\Documents and Settings\User 1\Desktop\wpsetup.exe
[2012/04/04 23:38:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/04 22:58:46 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\HiJackThis.lnk
[2012/04/04 22:47:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/04 22:39:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/04 22:39:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/04 22:39:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/04 22:39:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/04 22:39:26 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/04 22:01:52 | 004,455,902 | R--- | M] (Swearware) -- C:\Documents and Settings\User 1\Desktop\ComboFix.exe
[2012/04/04 21:53:38 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User 1\Desktop\tdsskiller.exe
[2012/04/04 21:47:13 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 21:41:39 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\SecurityCheck.exe
[2012/04/04 21:40:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User 1\Desktop\aswMBR.exe
[2012/04/04 21:39:51 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\FSS.exe
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 10:02:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/27 14:24:42 | 000,070,948 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0057.jpg
[2012/03/27 12:27:34 | 000,109,409 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0053.jpg
[2012/03/27 12:27:01 | 000,077,535 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0055.jpg
[2012/03/21 06:14:35 | 000,038,873 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0050.jpg
[2012/03/17 04:59:46 | 000,040,456 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0042.jpg
[2012/03/15 06:31:09 | 001,128,250 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\0722922606.pdf
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 05:27:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\MBR.dat
[2012/04/14 05:25:44 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-441V6.exe
[2012/04/14 05:25:44 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-441V6.msg
[2012/04/14 05:25:44 | 000,000,479 | ---- | C] () -- C:\WINDOWS\is-441V6.lst
[2012/04/12 14:55:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 09:17:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User 1\defogger_reenable
[2012/04/05 00:09:51 | 000,980,480 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\MicrosoftFixit50267.msi
[2012/04/05 00:01:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\iw8tdboi.exe
[2012/04/04 23:58:46 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\SpywareBlaster.lnk
[2012/04/04 23:58:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User 1\My Documents\y8hcbdeq.exe
[2012/04/04 23:38:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/04 22:47:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 22:47:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/04 22:42:33 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\HiJackThis.lnk
[2012/04/04 22:08:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 22:08:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 22:08:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 22:08:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 22:08:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 21:41:34 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\SecurityCheck.exe
[2012/04/04 21:39:48 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\FSS.exe
[2012/03/27 14:18:51 | 000,070,948 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0057.jpg
[2012/03/27 12:24:48 | 000,077,535 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0055.jpg
[2012/03/27 12:24:35 | 000,109,409 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0053.jpg
[2012/03/21 06:12:23 | 000,038,873 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0050.jpg
[2012/03/17 04:50:32 | 000,040,456 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0042.jpg
[2012/03/15 06:31:07 | 001,128,250 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\0722922606.pdf
[2012/02/15 19:04:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/08 19:19:45 | 000,018,131 | ---- | C] () -- C:\Documents and Settings\User 1\Application Data\C46E.0DB
[2010/11/18 19:28:57 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/17 15:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/11/17 15:03:42 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/17 15:03:42 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/17 15:03:42 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/09 16:24:01 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/09 16:23:59 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/09 16:23:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/09 16:23:46 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/10 18:08:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >

OTL Extras logfile created on: 14/04/2012 5:32:14 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\User 1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.60% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 151.32 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 135.86 Gb Free Space | 72.92% Space Free | Partition Type: NTFS

Computer Name: JD | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2090AAD2-D129-375A-8152-93AE4EBDEF11}" = ccc-core-static
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{449640D0-C912-44C9-A62B-3A5CC1B3179E}" = BigPond Broadband ADSL
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56E4D082-46F8-99B4-4E43-C6B79677968F}" = Catalyst Control Center Graphics Previews Common
"{575471C8-A90D-9AEB-DD5F-D68D0536482A}" = ccc-utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{905D6E0C-B378-8CF8-0681-31F38D78E204}" = ccc-core-preinstall
"{97882553-D37E-F980-1ED0-0748A550D912}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF16488F-1EAB-5AF1-54D4-59BBAEFA4F48}" = Catalyst Control Center Graphics Full New
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BEECCA33-C880-4648-A043-18614EE1249E}" = ATI AVIVO Codecs
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE2243EE-7C32-C90A-DDF8-75067F45A68D}" = Catalyst Control Center HydraVision Full
"0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
"ExpressRip" = Express Rip
"FLV Player" = FLV Player 2.0, build 24
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = ninemsn Internet Software
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13c
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2012 5:38:56 PM | Computer Name = JD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module comctl32.dll, version 6.0.2900.6028, fault address 0x0004dbe4.

Error - 28/02/2012 5:39:03 PM | Computer Name = JD | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 4/03/2012 2:17:56 AM | Computer Name = JD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module icucnv36.dll, version 3.6.0.0, fault address 0x000013df.

Error - 6/03/2012 12:46:31 AM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/03/2012 3:44:57 PM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/03/2012 3:03:58 AM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2012 6:16:22 PM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 31/03/2012 9:50:51 PM | Computer Name = JD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/04/2012 10:13:32 AM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application FixZeroAccess.exe, version 1.0.1.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/04/2012 10:13:34 AM | Computer Name = JD | Source = Application Hang | ID = 1002
Description = Hanging application FixZeroAccess.exe, version 1.0.1.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/04/2012 11:28:40 PM | Computer Name = JD | Source = Service Control Manager | ID = 7034
Description = The ATK Keyboard Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/04/2012 6:18:07 PM | Computer Name = JD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 12/04/2012 6:18:07 PM | Computer Name = JD | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 12/04/2012 6:18:07 PM | Computer Name = JD | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%2

Error - 12/04/2012 8:25:50 PM | Computer Name = JD | Source = Service Control Manager | ID = 7034
Description = The ATK Keyboard Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 13/04/2012 3:19:49 PM | Computer Name = JD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 13/04/2012 3:19:49 PM | Computer Name = JD | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 13/04/2012 3:19:49 PM | Computer Name = JD | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%2

Error - 13/04/2012 3:20:41 PM | Computer Name = JD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.93 for the Network Card with network
address 001A4DFC34A7 has been denied by the DHCP server 10.0.0.138 (The DHCP Server
sent a DHCPNACK message).

Error - 13/04/2012 3:20:42 PM | Computer Name = JD | Source = Service Control Manager | ID = 7034
Description = The ATK Keyboard Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

ComboFix 12-04-04.01 - User 1 04/04/2012 23:22:38.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.603 [GMT 10:00]
Running from: c:\documents and settings\User 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User 1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 12:46 . 2012-04-04 12:46 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-04 12:42 . 2012-04-04 12:42 388096 ----a-r- c:\documents and settings\User 1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 12:42 . 2012-04-04 12:42 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:39 . 2012-04-04 12:39 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 12:39 . 2012-04-04 12:39 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-04 12:39 . 2012-04-04 12:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 12:39 . 2012-04-04 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 11:55 . 2012-04-04 13:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 21:09 . 2012-03-25 22:08 -------- d-----w- c:\program files\TimeLineRemove
2012-03-13 07:43 . 2012-03-13 07:43 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 00:01 . 2009-12-25 02:43 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01 . 2008-11-12 10:21 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-04 01:18 . 2012-02-04 01:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 09:04 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-02-08 08:32 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2005-03-31 12:17 . 2008-02-08 09:06 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_12.22.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-04 13:21 . 2012-04-04 13:21 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
+ 2011-06-06 02:55 . 2011-06-06 02:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-04-04 12:39 . 2012-04-04 12:39 157472 c:\windows\system32\javaws.exe
+ 2012-04-04 12:39 . 2012-04-04 12:39 149280 c:\windows\system32\javaw.exe
+ 2012-04-04 12:39 . 2012-04-04 12:39 149280 c:\windows\system32\java.exe
+ 2012-04-04 12:39 . 2012-04-04 12:39 203776 c:\windows\Installer\12c28e.msi
+ 2012-04-04 12:39 . 2012-04-04 12:39 901120 c:\windows\Installer\12c27e.msi
+ 2011-06-06 02:55 . 2011-06-06 02:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-04-04 12:47 . 2012-04-04 12:47 2295808 c:\windows\Installer\12c362.msi
+ 2012-04-04 12:42 . 2012-04-04 12:42 1094656 c:\windows\Installer\12c292.msi
+ 2011-06-06 02:55 . 2011-06-06 02:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 02:55 . 2011-06-06 02:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\12c363.msp
+ 2011-06-06 02:55 . 2011-06-06 02:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-01 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 00:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/07/2008 6:15 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/03/2010 4:49 PM 243024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/06/2009 3:45 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/06/2009 3:45 PM 20464]
S0 yewucpc;yewucpc;c:\windows\system32\drivers\vojkivq.sys --> c:\windows\system32\drivers\vojkivq.sys [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 10:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: select2perform.com.au
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61333
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 23:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-04-04 23:32:36
ComboFix-quarantined-files.txt 2012-04-04 13:32
ComboFix2.txt 2012-04-04 12:24
.
Pre-Run: 162,210,787,328 bytes free
Post-Run: 162,247,663,616 bytes free
.
- - End Of File - - EE4EB9C2BD037987365007883622174D

09:13:41.0765 2176 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
09:13:42.0734 2176 ============================================================
09:13:42.0734 2176 Current date / time: 2012/04/05 09:13:42.0734
09:13:42.0734 2176 SystemInfo:
09:13:42.0734 2176
09:13:42.0734 2176 OS Version: 5.1.2600 ServicePack: 3.0
09:13:42.0734 2176 Product type: Workstation
09:13:42.0734 2176 ComputerName: JD
09:13:42.0734 2176 UserName: User 1
09:13:42.0734 2176 Windows directory: C:\WINDOWS
09:13:42.0734 2176 System windows directory: C:\WINDOWS
09:13:42.0734 2176 Processor architecture: Intel x86
09:13:42.0734 2176 Number of processors: 2
09:13:42.0734 2176 Page size: 0x1000
09:13:42.0734 2176 Boot type: Normal boot
09:13:42.0734 2176 ============================================================
09:13:43.0921 2176 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:13:43.0937 2176 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:13:43.0937 2176 \Device\Harddisk0\DR0:
09:13:43.0937 2176 MBR used
09:13:43.0937 2176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
09:13:43.0937 2176 \Device\Harddisk1\DR1:
09:13:43.0937 2176 MBR used
09:13:43.0937 2176 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
09:13:43.0968 2176 Initialize success
09:13:43.0968 2176 ============================================================
09:13:49.0593 2360 ============================================================
09:13:49.0593 2360 Scan started
09:13:49.0593 2360 Mode: Manual;
09:13:49.0593 2360 ============================================================
09:13:49.0750 2360 Scan interrupted by user!
09:13:49.0750 2360 Scan interrupted by user!
09:13:49.0750 2360 Scan interrupted by user!
09:13:49.0750 2360 ============================================================
09:13:49.0750 2360 Scan finished
09:13:49.0750 2360 ============================================================
09:13:49.0750 2352 Detected object count: 0
09:13:49.0750 2352 Actual detected object count: 0
09:13:51.0234 2372 ============================================================
09:13:51.0234 2372 Scan started
09:13:51.0234 2372 Mode: Manual;
09:13:51.0234 2372 ============================================================
09:13:51.0343 2372 Scan interrupted by user!
09:13:51.0343 2372 Scan interrupted by user!
09:13:51.0343 2372 Scan interrupted by user!
09:13:51.0343 2372 ============================================================
09:13:51.0343 2372 Scan finished
09:13:51.0343 2372 ============================================================
09:13:51.0343 2348 Detected object count: 0
09:13:51.0343 2348 Actual detected object count: 0
09:13:51.0843 2380 ============================================================
09:13:51.0843 2380 Scan started
09:13:51.0843 2380 Mode: Manual;
09:13:51.0843 2380 ============================================================
09:13:52.0000 2380 Abiosdsk - ok
09:13:52.0078 2380 abp480n5 - ok
09:13:52.0187 2380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:13:52.0187 2380 ACPI - ok
09:13:52.0281 2380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:13:52.0281 2380 ACPIEC - ok
09:13:52.0359 2380 adpu160m - ok
09:13:52.0468 2380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:13:52.0468 2380 aec - ok
09:13:52.0593 2380 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:13:52.0593 2380 AFD - ok
09:13:52.0671 2380 Aha154x - ok
09:13:52.0734 2380 aic78u2 - ok
09:13:52.0812 2380 aic78xx - ok
09:13:52.0906 2380 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:13:52.0906 2380 Alerter - ok
09:13:52.0984 2380 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:13:53.0000 2380 ALG - ok
09:13:53.0062 2380 AliIde - ok
09:13:53.0156 2380 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:13:53.0156 2380 AmdK8 - ok
09:13:53.0218 2380 amsint - ok
09:13:53.0296 2380 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:13:53.0296 2380 Apple Mobile Device - ok
09:13:53.0406 2380 AppMgmt - ok
09:13:53.0531 2380 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:13:53.0531 2380 Arp1394 - ok
09:13:53.0609 2380 asc - ok
09:13:53.0671 2380 asc3350p - ok
09:13:53.0750 2380 asc3550 - ok
09:13:53.0828 2380 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:13:53.0843 2380 aspnet_state - ok
09:13:53.0921 2380 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
09:13:53.0921 2380 asusgsb - ok
09:13:54.0031 2380 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
09:13:54.0031 2380 asuskbnt - ok
09:13:54.0125 2380 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:13:54.0125 2380 AsyncMac - ok
09:13:54.0218 2380 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:13:54.0218 2380 atapi - ok
09:13:54.0312 2380 Atdisk - ok
09:13:54.0453 2380 Ati HotKey Poller (af61e4353c2257b32baa22d97b822c04) C:\WINDOWS\system32\Ati2evxx.exe
09:13:54.0453 2380 Ati HotKey Poller - ok
09:13:54.0578 2380 ATI Smart (106c8d405a14387a7b21ed3a73a9511a) C:\WINDOWS\system32\ati2sgag.exe
09:13:54.0609 2380 ATI Smart - ok
09:13:55.0078 2380 ati2mtag (9cd9658b9575a07aad676639fe3b51d6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:13:55.0109 2380 ati2mtag - ok
09:13:55.0203 2380 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:13:55.0218 2380 AtiHdmiService - ok
09:13:55.0296 2380 ATKKeyboardService (b453700b9eb83fef29811b28dae27d29) C:\WINDOWS\ATKKBService.exe
09:13:57.0359 2380 ATKKeyboardService - ok
09:13:57.0546 2380 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:13:57.0546 2380 Atmarpc - ok
09:13:57.0671 2380 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:13:57.0671 2380 AudioSrv - ok
09:13:57.0765 2380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:13:57.0765 2380 audstub - ok
09:13:57.0843 2380 avg9wd - ok
09:13:58.0015 2380 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
09:13:58.0015 2380 AvgLdx86 - ok
09:13:58.0109 2380 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
09:13:58.0109 2380 AvgMfx86 - ok
09:13:58.0234 2380 AvgTdiX (c9e0d649532f75019b9b035da85a9a5f) C:\WINDOWS\System32\Drivers\avgtdix.sys
09:13:58.0234 2380 AvgTdiX ( Virus.Win32.ZAccess.k ) - infected
09:13:58.0234 2380 AvgTdiX - detected Virus.Win32.ZAccess.k (0)
09:13:58.0312 2380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:13:58.0328 2380 Beep - ok
09:13:58.0453 2380 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:13:58.0562 2380 BITS - ok
09:13:58.0656 2380 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:13:58.0687 2380 Bonjour Service - ok
09:13:58.0828 2380 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:13:58.0828 2380 Browser - ok
09:13:58.0921 2380 catchme - ok
09:13:59.0062 2380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:13:59.0062 2380 cbidf2k - ok
09:13:59.0156 2380 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:13:59.0171 2380 CCDECODE - ok
09:13:59.0234 2380 cd20xrnt - ok
09:13:59.0328 2380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:13:59.0328 2380 Cdaudio - ok
09:13:59.0406 2380 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:13:59.0421 2380 Cdfs - ok
09:13:59.0515 2380 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:13:59.0515 2380 Cdrom - ok
09:13:59.0593 2380 Changer - ok
09:13:59.0687 2380 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:13:59.0687 2380 CiSvc - ok
09:13:59.0750 2380 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:13:59.0765 2380 ClipSrv - ok
09:13:59.0859 2380 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:13:59.0953 2380 clr_optimization_v2.0.50727_32 - ok
09:14:00.0062 2380 CmdIde - ok
09:14:00.0140 2380 COMSysApp - ok
09:14:00.0218 2380 Cpqarray - ok
09:14:00.0328 2380 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:14:00.0328 2380 CryptSvc - ok
09:14:00.0406 2380 dac2w2k - ok
09:14:00.0468 2380 dac960nt - ok
09:14:00.0609 2380 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:14:00.0609 2380 DcomLaunch - ok
09:14:00.0718 2380 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:14:00.0718 2380 Dhcp - ok
09:14:00.0812 2380 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:14:00.0828 2380 Disk - ok
09:14:00.0890 2380 dmadmin - ok
09:14:01.0062 2380 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:14:01.0156 2380 dmboot - ok
09:14:01.0234 2380 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:14:01.0250 2380 dmio - ok
09:14:01.0328 2380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:14:01.0328 2380 dmload - ok
09:14:01.0406 2380 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:14:01.0406 2380 dmserver - ok
09:14:01.0500 2380 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:14:01.0500 2380 DMusic - ok
09:14:01.0593 2380 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:14:01.0593 2380 Dnscache - ok
09:14:01.0718 2380 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:14:01.0718 2380 Dot3svc - ok
09:14:01.0796 2380 dpti2o - ok
09:14:01.0890 2380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:14:01.0890 2380 drmkaud - ok
09:14:01.0984 2380 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:14:01.0984 2380 EapHost - ok
09:14:02.0078 2380 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
09:14:02.0078 2380 EIO - ok
09:14:02.0171 2380 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:14:02.0171 2380 ERSvc - ok
09:14:02.0281 2380 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:14:02.0281 2380 Eventlog - ok
09:14:02.0406 2380 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:14:02.0421 2380 EventSystem - ok
09:14:02.0531 2380 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:14:02.0546 2380 Fastfat - ok
09:14:02.0640 2380 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:14:02.0640 2380 FastUserSwitchingCompatibility - ok
09:14:02.0734 2380 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:14:02.0734 2380 Fdc - ok
09:14:02.0812 2380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:14:02.0812 2380 Fips - ok
09:14:02.0890 2380 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:14:02.0890 2380 Flpydisk - ok
09:14:02.0984 2380 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:14:03.0000 2380 FltMgr - ok
09:14:03.0125 2380 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:14:03.0125 2380 FontCache3.0.0.0 - ok
09:14:03.0250 2380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:14:03.0250 2380 Fs_Rec - ok
09:14:03.0359 2380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:14:03.0359 2380 Ftdisk - ok
09:14:03.0421 2380 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
09:14:03.0421 2380 gdrv - ok
09:14:03.0546 2380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:14:03.0546 2380 GEARAspiWDM - ok
09:14:03.0656 2380 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:14:03.0656 2380 Gpc - ok
09:14:03.0765 2380 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:14:03.0765 2380 gupdate - ok
09:14:03.0781 2380 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:14:03.0796 2380 gupdatem - ok
09:14:03.0859 2380 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:14:03.0875 2380 gusvc - ok
09:14:04.0046 2380 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:14:04.0046 2380 HDAudBus - ok
09:14:04.0140 2380 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:14:04.0140 2380 helpsvc - ok
09:14:04.0218 2380 HidServ - ok
09:14:04.0343 2380 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:14:04.0343 2380 HidUsb - ok
09:14:04.0453 2380 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:14:04.0453 2380 hkmsvc - ok
09:14:04.0546 2380 hpn - ok
09:14:04.0671 2380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:14:04.0671 2380 HTTP - ok
09:14:04.0796 2380 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:14:04.0812 2380 HTTPFilter - ok
09:14:04.0906 2380 i2omgmt - ok
09:14:04.0984 2380 i2omp - ok
09:14:05.0078 2380 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:14:05.0078 2380 i8042prt - ok
09:14:05.0156 2380 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:14:05.0156 2380 IDriverT - ok
09:14:05.0390 2380 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:14:05.0515 2380 idsvc - ok
09:14:05.0656 2380 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:14:05.0656 2380 Imapi - ok
09:14:05.0765 2380 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:14:05.0781 2380 ImapiService - ok
09:14:05.0859 2380 ini910u - ok
09:14:06.0390 2380 IntcAzAudAddService (8c65fcf7ab3389e7c224ea2ec4456f2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:14:06.0421 2380 IntcAzAudAddService - ok
09:14:06.0515 2380 IntelIde - ok
09:14:06.0609 2380 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:14:06.0609 2380 Ip6Fw - ok
09:14:06.0718 2380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:14:06.0718 2380 IpFilterDriver - ok
09:14:07.0078 2380 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:14:07.0078 2380 IpInIp - ok
09:14:07.0281 2380 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:14:07.0296 2380 IpNat - ok
09:14:07.0453 2380 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
09:14:07.0640 2380 iPod Service - ok
09:14:07.0828 2380 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:14:07.0828 2380 IPSec - ok
09:14:08.0046 2380 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:14:08.0062 2380 IRENUM - ok
09:14:08.0281 2380 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:14:08.0296 2380 isapnp - ok
09:14:08.0531 2380 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:14:08.0562 2380 JavaQuickStarterService - ok
09:14:08.0828 2380 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:14:08.0843 2380 Kbdclass - ok
09:14:09.0062 2380 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:14:09.0140 2380 kmixer - ok
09:14:09.0328 2380 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:14:09.0359 2380 KSecDD - ok
09:14:09.0546 2380 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:14:09.0578 2380 lanmanserver - ok
09:14:09.0796 2380 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:14:09.0890 2380 lanmanworkstation - ok
09:14:10.0109 2380 lbrtfdc - ok
09:14:10.0296 2380 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:14:10.0312 2380 LmHosts - ok
09:14:10.0515 2380 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:14:10.0515 2380 MBAMProtector - ok
09:14:10.0718 2380 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:14:10.0812 2380 MBAMService - ok
09:14:10.0953 2380 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:14:10.0953 2380 Messenger - ok
09:14:11.0093 2380 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:14:11.0109 2380 mnmdd - ok
09:14:11.0343 2380 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:14:11.0359 2380 mnmsrvc - ok
09:14:11.0500 2380 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:14:11.0500 2380 Modem - ok
09:14:11.0593 2380 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:14:11.0593 2380 Mouclass - ok
09:14:11.0703 2380 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:14:11.0703 2380 mouhid - ok
09:14:11.0796 2380 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:14:11.0812 2380 MountMgr - ok
09:14:11.0875 2380 mraid35x - ok
09:14:11.0953 2380 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:14:11.0968 2380 MRxDAV - ok
09:14:12.0109 2380 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:14:12.0156 2380 MRxSmb - ok
09:14:12.0250 2380 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:14:12.0250 2380 MSDTC - ok
09:14:12.0343 2380 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:14:12.0343 2380 Msfs - ok
09:14:12.0406 2380 MSIServer - ok
09:14:12.0484 2380 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:14:12.0500 2380 MSKSSRV - ok
09:14:12.0562 2380 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:14:12.0562 2380 MSPCLOCK - ok
09:14:12.0640 2380 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:14:12.0640 2380 MSPQM - ok
09:14:12.0718 2380 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:14:12.0718 2380 mssmbios - ok
09:14:12.0796 2380 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:14:12.0796 2380 MSTEE - ok
09:14:12.0906 2380 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:14:12.0921 2380 Mup - ok
09:14:13.0031 2380 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:14:13.0031 2380 NABTSFEC - ok
09:14:13.0156 2380 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:14:13.0187 2380 napagent - ok
09:14:13.0281 2380 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:14:13.0296 2380 NDIS - ok
09:14:13.0375 2380 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:14:13.0375 2380 NdisIP - ok
09:14:13.0468 2380 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:14:13.0468 2380 NdisTapi - ok
09:14:13.0562 2380 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:14:13.0562 2380 Ndisuio - ok
09:14:13.0640 2380 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:14:13.0656 2380 NdisWan - ok
09:14:13.0750 2380 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:14:13.0750 2380 NDProxy - ok
09:14:13.0859 2380 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:14:13.0859 2380 NetBIOS - ok
09:14:13.0937 2380 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:14:13.0953 2380 NetBT - ok
09:14:14.0062 2380 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:14:14.0062 2380 NetDDE - ok
09:14:14.0078 2380 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:14:14.0078 2380 NetDDEdsdm - ok
09:14:14.0171 2380 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:14.0171 2380 Netlogon - ok
09:14:14.0250 2380 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:14:14.0265 2380 Netman - ok
09:14:14.0390 2380 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:14:14.0406 2380 NetTcpPortSharing - ok
09:14:14.0562 2380 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:14:14.0578 2380 NIC1394 - ok
09:14:14.0703 2380 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:14:14.0703 2380 Nla - ok
09:14:14.0765 2380 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:14:14.0765 2380 nosGetPlusHelper - ok
09:14:14.0906 2380 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:14:14.0906 2380 Npfs - ok
09:14:15.0046 2380 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:14:15.0125 2380 Ntfs - ok
09:14:15.0234 2380 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:15.0234 2380 NtLmSsp - ok
09:14:15.0375 2380 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:14:15.0406 2380 NtmsSvc - ok
09:14:15.0515 2380 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:14:15.0515 2380 Null - ok
09:14:15.0625 2380 NVENETFD (982702a22349c2b31f7dcef62241058f) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:14:15.0640 2380 NVENETFD - ok
09:14:15.0703 2380 nvnetbus (bc0f2c4ed9d6da9a2519c55af7d4fc60) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:14:15.0703 2380 nvnetbus - ok
09:14:15.0796 2380 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
09:14:15.0796 2380 NVSvc - ok
09:14:15.0890 2380 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:14:15.0890 2380 NwlnkFlt - ok
09:14:15.0968 2380 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:14:15.0968 2380 NwlnkFwd - ok
09:14:16.0062 2380 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:14:16.0078 2380 ohci1394 - ok
09:14:16.0171 2380 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:14:16.0187 2380 Parport - ok
09:14:16.0250 2380 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:14:16.0250 2380 PartMgr - ok
09:14:16.0343 2380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:14:16.0359 2380 ParVdm - ok
09:14:16.0453 2380 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:14:16.0453 2380 PCI - ok
09:14:16.0531 2380 PCIDump - ok
09:14:16.0593 2380 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:14:16.0593 2380 PCIIde - ok
09:14:16.0703 2380 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:14:16.0718 2380 Pcmcia - ok
09:14:16.0781 2380 PDCOMP - ok
09:14:16.0859 2380 PDFRAME - ok
09:14:16.0921 2380 PDRELI - ok
09:14:17.0000 2380 PDRFRAME - ok
09:14:17.0062 2380 perc2 - ok
09:14:17.0140 2380 perc2hib - ok
09:14:17.0250 2380 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:14:17.0250 2380 PlugPlay - ok
09:14:17.0328 2380 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:17.0328 2380 PolicyAgent - ok
09:14:17.0406 2380 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:14:17.0421 2380 PptpMiniport - ok
09:14:17.0500 2380 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:14:17.0500 2380 Processor - ok
09:14:17.0562 2380 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:17.0562 2380 ProtectedStorage - ok
09:14:17.0656 2380 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:14:17.0671 2380 PSched - ok
09:14:17.0750 2380 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:14:17.0750 2380 Ptilink - ok
09:14:17.0828 2380 ql1080 - ok
09:14:17.0890 2380 Ql10wnt - ok
09:14:17.0968 2380 ql12160 - ok
09:14:18.0031 2380 ql1240 - ok
09:14:18.0109 2380 ql1280 - ok
09:14:18.0187 2380 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:14:18.0203 2380 RasAcd - ok
09:14:18.0281 2380 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:14:18.0281 2380 RasAuto - ok
09:14:18.0375 2380 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:14:18.0375 2380 Rasl2tp - ok
09:14:18.0468 2380 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:14:18.0484 2380 RasMan - ok
09:14:18.0593 2380 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:14:18.0593 2380 RasPppoe - ok
09:14:18.0671 2380 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:14:18.0671 2380 Raspti - ok
09:14:18.0781 2380 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:14:18.0796 2380 Rdbss - ok
09:14:18.0875 2380 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:14:18.0875 2380 RDPCDD - ok
09:14:18.0968 2380 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:14:18.0984 2380 RDPWD - ok
09:14:19.0093 2380 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:14:19.0109 2380 RDSessMgr - ok
09:14:19.0203 2380 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:14:19.0218 2380 redbook - ok
09:14:19.0312 2380 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:14:19.0312 2380 RemoteAccess - ok
09:14:19.0406 2380 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:14:19.0406 2380 RpcLocator - ok
09:14:19.0531 2380 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:14:19.0531 2380 RpcSs - ok
09:14:19.0640 2380 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:14:19.0656 2380 RSVP - ok
09:14:19.0750 2380 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:19.0750 2380 SamSs - ok
09:14:19.0843 2380 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:14:19.0859 2380 SCardSvr - ok
09:14:19.0953 2380 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:14:19.0968 2380 Schedule - ok
09:14:20.0062 2380 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:14:20.0062 2380 Secdrv - ok
09:14:20.0140 2380 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:14:20.0140 2380 seclogon - ok
09:14:20.0218 2380 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:14:20.0218 2380 SENS - ok
09:14:20.0312 2380 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:14:20.0312 2380 serenum - ok
09:14:20.0390 2380 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:14:20.0406 2380 Serial - ok
09:14:20.0500 2380 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:14:20.0500 2380 Sfloppy - ok
09:14:20.0609 2380 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:14:20.0640 2380 SharedAccess - ok
09:14:20.0734 2380 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:14:20.0734 2380 ShellHWDetection - ok
09:14:20.0796 2380 Simbad - ok
09:14:20.0890 2380 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:14:20.0890 2380 SLIP - ok
09:14:20.0968 2380 Sparrow - ok
09:14:21.0046 2380 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:14:21.0046 2380 splitter - ok
09:14:21.0140 2380 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:14:21.0140 2380 Spooler - ok
09:14:21.0250 2380 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:14:21.0250 2380 sr - ok
09:14:21.0359 2380 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:14:21.0375 2380 srservice - ok
09:14:21.0500 2380 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:14:21.0531 2380 Srv - ok
09:14:21.0625 2380 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:14:21.0625 2380 SSDPSRV - ok
09:14:21.0718 2380 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:14:21.0750 2380 stisvc - ok
09:14:21.0828 2380 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:14:21.0843 2380 streamip - ok
09:14:21.0921 2380 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:14:21.0921 2380 swenum - ok
09:14:22.0000 2380 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:14:22.0000 2380 swmidi - ok
09:14:22.0062 2380 SwPrv - ok
09:14:22.0140 2380 symc810 - ok
09:14:22.0203 2380 symc8xx - ok
09:14:22.0281 2380 sym_hi - ok
09:14:22.0343 2380 sym_u3 - ok
09:14:22.0421 2380 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:14:22.0437 2380 sysaudio - ok
09:14:22.0531 2380 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:14:22.0531 2380 SysmonLog - ok
09:14:22.0640 2380 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:14:22.0656 2380 TapiSrv - ok
09:14:22.0796 2380 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:14:22.0828 2380 Tcpip - ok
09:14:22.0921 2380 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:14:22.0921 2380 TDPIPE - ok
09:14:23.0000 2380 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:14:23.0000 2380 TDTCP - ok
09:14:23.0093 2380 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:14:23.0093 2380 TermDD - ok
09:14:23.0218 2380 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:14:23.0250 2380 TermService - ok
09:14:23.0343 2380 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:14:23.0343 2380 Themes - ok
09:14:23.0406 2380 TosIde - ok
09:14:23.0500 2380 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:14:23.0500 2380 TrkWks - ok
09:14:23.0609 2380 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:14:23.0609 2380 Udfs - ok
09:14:23.0671 2380 ultra - ok
09:14:23.0796 2380 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:14:23.0828 2380 Update - ok
09:14:23.0921 2380 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:14:23.0937 2380 upnphost - ok
09:14:24.0031 2380 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:14:24.0031 2380 UPS - ok
09:14:24.0140 2380 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:14:24.0140 2380 USBAAPL - ok
09:14:24.0250 2380 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:14:24.0250 2380 usbccgp - ok
09:14:24.0343 2380 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:14:24.0343 2380 usbehci - ok
09:14:24.0453 2380 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:14:24.0453 2380 usbhub - ok
09:14:24.0531 2380 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:14:24.0531 2380 usbohci - ok
09:14:24.0609 2380 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:14:24.0625 2380 usbprint - ok
09:14:24.0718 2380 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:14:24.0718 2380 usbscan - ok
09:14:24.0812 2380 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:14:24.0828 2380 USBSTOR - ok
09:14:24.0921 2380 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:14:24.0921 2380 VgaSave - ok
09:14:24.0984 2380 ViaIde - ok
09:14:25.0093 2380 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
09:14:25.0093 2380 Video3D - ok
09:14:25.0187 2380 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:14:25.0187 2380 VolSnap - ok
09:14:25.0296 2380 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:14:25.0328 2380 VSS - ok
09:14:25.0421 2380 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:14:25.0437 2380 W32Time - ok
09:14:25.0531 2380 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:14:25.0531 2380 Wanarp - ok
09:14:25.0609 2380 WDICA - ok
09:14:25.0687 2380 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:14:25.0703 2380 wdmaud - ok
09:14:25.0796 2380 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:14:25.0796 2380 WebClient - ok
09:14:25.0906 2380 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:14:25.0921 2380 winmgmt - ok
09:14:26.0031 2380 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
09:14:26.0062 2380 WLSetupSvc - ok
09:14:26.0171 2380 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:14:26.0171 2380 WmdmPmSN - ok
09:14:26.0281 2380 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:14:26.0296 2380 WmiApSrv - ok
09:14:26.0453 2380 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:14:26.0546 2380 WMPNetworkSvc - ok
09:14:26.0671 2380 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:14:26.0671 2380 WS2IFSL - ok
09:14:26.0765 2380 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:14:26.0796 2380 wscsvc - ok
09:14:26.0921 2380 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:14:26.0921 2380 WSTCODEC - ok
09:14:27.0031 2380 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:14:27.0046 2380 wuauserv - ok
09:14:27.0156 2380 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:14:27.0156 2380 WudfPf - ok
09:14:27.0250 2380 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:14:27.0250 2380 WudfRd - ok
09:14:27.0343 2380 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:14:27.0343 2380 WudfSvc - ok
09:14:27.0484 2380 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:14:27.0546 2380 WZCSVC - ok
09:14:27.0687 2380 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:14:27.0703 2380 xmlprov - ok
09:14:27.0765 2380 yewucpc - ok
09:14:27.0796 2380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:14:27.0953 2380 \Device\Harddisk0\DR0 - ok
09:14:27.0968 2380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:14:28.0093 2380 \Device\Harddisk1\DR1 - ok
09:14:28.0109 2380 Boot (0x1200) (e5085950e0e361502a4c028ba3602972) \Device\Harddisk0\DR0\Partition0
09:14:28.0109 2380 \Device\Harddisk0\DR0\Partition0 - ok
09:14:28.0109 2380 Boot (0x1200) (d82ba361deb4f2b92a4504fceb56ac4d) \Device\Harddisk1\DR1\Partition0
09:14:28.0109 2380 \Device\Harddisk1\DR1\Partition0 - ok
09:14:28.0109 2380 ============================================================
09:14:28.0109 2380 Scan finished
09:14:28.0109 2380 ============================================================
09:14:28.0125 2376 Detected object count: 1
09:14:28.0125 2376 Actual detected object count: 1
09:15:11.0515 2376 C:\WINDOWS\System32\Drivers\avgtdix.sys - copied to quarantine
09:15:11.0609 2376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\avgtdix.sys) error 1813
09:15:12.0062 2376 Backup copy not found, trying to cure infected file..
09:15:12.0062 2376 C:\WINDOWS\System32\Drivers\avgtdix.sys - Cure failed (FFFFFFFF)
09:15:12.0062 2376 C:\WINDOWS\System32\Drivers\avgtdix.sys - processing error
09:15:19.0125 2376 AvgTdiX ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:15:24.0656 0580 Deinitialize success

#4 ratman

  • Malware Response Team

Posted 14 April 2012 - 08:26 AM

Hello j ryan,

Can you uninstall your AVG AV please and run a scan with TDSSKiller again please?

In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log

regards, ratman




#5 j ryan


Posted 14 April 2012 - 06:24 PM

Hi, I just used Revo Uninstaller Pro to delete the remnants of AVG AV. Here is the new TDSS Killer log:

09:19:08.0046 3120 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
09:19:08.0734 3120 ============================================================
09:19:08.0734 3120 Current date / time: 2012/04/15 09:19:08.0734
09:19:08.0734 3120 SystemInfo:
09:19:08.0734 3120
09:19:08.0734 3120 OS Version: 5.1.2600 ServicePack: 3.0
09:19:08.0734 3120 Product type: Workstation
09:19:08.0734 3120 ComputerName: JD
09:19:08.0734 3120 UserName: User 1
09:19:08.0734 3120 Windows directory: C:\WINDOWS
09:19:08.0734 3120 System windows directory: C:\WINDOWS
09:19:08.0734 3120 Processor architecture: Intel x86
09:19:08.0734 3120 Number of processors: 2
09:19:08.0734 3120 Page size: 0x1000
09:19:08.0734 3120 Boot type: Normal boot
09:19:08.0734 3120 ============================================================
09:19:08.0906 3120 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:19:08.0921 3120 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:19:08.0921 3120 \Device\Harddisk0\DR0:
09:19:08.0921 3120 MBR used
09:19:08.0921 3120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
09:19:08.0921 3120 \Device\Harddisk1\DR1:
09:19:08.0921 3120 MBR used
09:19:08.0921 3120 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
09:19:08.0968 3120 Initialize success
09:19:08.0968 3120 ============================================================
09:19:19.0078 3864 ============================================================
09:19:19.0078 3864 Scan started
09:19:19.0078 3864 Mode: Manual;
09:19:19.0078 3864 ============================================================
09:19:19.0750 3864 Abiosdsk - ok
09:19:19.0828 3864 abp480n5 - ok
09:19:19.0953 3864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:19:19.0953 3864 ACPI - ok
09:19:20.0062 3864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:19:20.0062 3864 ACPIEC - ok
09:19:20.0125 3864 adpu160m - ok
09:19:20.0234 3864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:19:20.0234 3864 aec - ok
09:19:20.0343 3864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:19:20.0343 3864 AFD - ok
09:19:20.0437 3864 Aha154x - ok
09:19:20.0515 3864 aic78u2 - ok
09:19:20.0593 3864 aic78xx - ok
09:19:20.0703 3864 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:19:20.0718 3864 Alerter - ok
09:19:20.0796 3864 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:19:20.0796 3864 ALG - ok
09:19:20.0875 3864 AliIde - ok
09:19:20.0984 3864 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:19:20.0984 3864 AmdK8 - ok
09:19:21.0062 3864 amsint - ok
09:19:21.0156 3864 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:19:21.0156 3864 Apple Mobile Device - ok
09:19:21.0250 3864 AppMgmt - ok
09:19:21.0375 3864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:19:21.0375 3864 Arp1394 - ok
09:19:21.0437 3864 asc - ok
09:19:21.0515 3864 asc3350p - ok
09:19:21.0578 3864 asc3550 - ok
09:19:21.0687 3864 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:19:21.0687 3864 aspnet_state - ok
09:19:21.0828 3864 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
09:19:21.0828 3864 asusgsb - ok
09:19:21.0921 3864 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
09:19:21.0937 3864 asuskbnt - ok
09:19:22.0015 3864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:19:22.0015 3864 AsyncMac - ok
09:19:22.0140 3864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:19:22.0140 3864 atapi - ok
09:19:22.0218 3864 Atdisk - ok
09:19:22.0359 3864 Ati HotKey Poller (af61e4353c2257b32baa22d97b822c04) C:\WINDOWS\system32\Ati2evxx.exe
09:19:22.0359 3864 Ati HotKey Poller - ok
09:19:22.0484 3864 ATI Smart (106c8d405a14387a7b21ed3a73a9511a) C:\WINDOWS\system32\ati2sgag.exe
09:19:22.0500 3864 ATI Smart - ok
09:19:23.0000 3864 ati2mtag (9cd9658b9575a07aad676639fe3b51d6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:19:23.0031 3864 ati2mtag - ok
09:19:23.0125 3864 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:19:23.0125 3864 AtiHdmiService - ok
09:19:23.0203 3864 ATKKeyboardService (b453700b9eb83fef29811b28dae27d29) C:\WINDOWS\ATKKBService.exe
09:19:23.0203 3864 ATKKeyboardService - ok
09:19:23.0312 3864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:19:23.0312 3864 Atmarpc - ok
09:19:23.0406 3864 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:19:23.0406 3864 AudioSrv - ok
09:19:23.0515 3864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:19:23.0515 3864 audstub - ok
09:19:23.0625 3864 avg9wd - ok
09:19:23.0859 3864 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
09:19:23.0859 3864 AvgLdx86 - ok
09:19:23.0968 3864 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
09:19:23.0968 3864 AvgMfx86 - ok
09:19:24.0093 3864 AvgTdiX (c9e0d649532f75019b9b035da85a9a5f) C:\WINDOWS\System32\Drivers\avgtdix.sys
09:19:24.0093 3864 AvgTdiX ( Virus.Win32.ZAccess.k ) - infected
09:19:24.0093 3864 AvgTdiX - detected Virus.Win32.ZAccess.k (0)
09:19:24.0265 3864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:19:24.0265 3864 Beep - ok
09:19:24.0390 3864 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:19:24.0500 3864 BITS - ok
09:19:24.0593 3864 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:19:24.0593 3864 Bonjour Service - ok
09:19:24.0781 3864 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:19:24.0781 3864 Browser - ok
09:19:24.0968 3864 catchme - ok
09:19:25.0125 3864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:19:25.0125 3864 cbidf2k - ok
09:19:25.0218 3864 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:19:25.0218 3864 CCDECODE - ok
09:19:25.0312 3864 cd20xrnt - ok
09:19:25.0390 3864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:19:25.0390 3864 Cdaudio - ok
09:19:25.0484 3864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:19:25.0484 3864 Cdfs - ok
09:19:25.0593 3864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:19:25.0609 3864 Cdrom - ok
09:19:25.0671 3864 Changer - ok
09:19:25.0812 3864 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:19:25.0812 3864 CiSvc - ok
09:19:25.0875 3864 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:19:25.0875 3864 ClipSrv - ok
09:19:25.0953 3864 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:19:26.0015 3864 clr_optimization_v2.0.50727_32 - ok
09:19:26.0156 3864 CmdIde - ok
09:19:26.0234 3864 COMSysApp - ok
09:19:26.0328 3864 Cpqarray - ok
09:19:26.0437 3864 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:19:26.0437 3864 CryptSvc - ok
09:19:26.0500 3864 dac2w2k - ok
09:19:26.0578 3864 dac960nt - ok
09:19:26.0734 3864 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:19:26.0734 3864 DcomLaunch - ok
09:19:26.0843 3864 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:19:26.0843 3864 Dhcp - ok
09:19:26.0953 3864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:19:26.0953 3864 Disk - ok
09:19:27.0015 3864 dmadmin - ok
09:19:27.0171 3864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:19:27.0250 3864 dmboot - ok
09:19:27.0343 3864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:19:27.0359 3864 dmio - ok
09:19:27.0437 3864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:19:27.0437 3864 dmload - ok
09:19:27.0515 3864 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:19:27.0515 3864 dmserver - ok
09:19:27.0609 3864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:19:27.0609 3864 DMusic - ok
09:19:27.0750 3864 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:19:27.0750 3864 Dnscache - ok
09:19:27.0859 3864 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:19:27.0875 3864 Dot3svc - ok
09:19:27.0953 3864 dpti2o - ok
09:19:28.0046 3864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:19:28.0046 3864 drmkaud - ok
09:19:28.0125 3864 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:19:28.0125 3864 EapHost - ok
09:19:28.0234 3864 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
09:19:28.0234 3864 EIO - ok
09:19:28.0375 3864 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:19:28.0375 3864 ERSvc - ok
09:19:28.0484 3864 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:19:28.0484 3864 Eventlog - ok
09:19:28.0593 3864 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:19:28.0625 3864 EventSystem - ok
09:19:28.0765 3864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:19:28.0781 3864 Fastfat - ok
09:19:28.0906 3864 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:28.0921 3864 FastUserSwitchingCompatibility - ok
09:19:29.0015 3864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:19:29.0015 3864 Fdc - ok
09:19:29.0093 3864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:19:29.0093 3864 Fips - ok
09:19:29.0171 3864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:19:29.0171 3864 Flpydisk - ok
09:19:29.0281 3864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:19:29.0296 3864 FltMgr - ok
09:19:29.0390 3864 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:19:29.0406 3864 FontCache3.0.0.0 - ok
09:19:29.0515 3864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:19:29.0515 3864 Fs_Rec - ok
09:19:29.0625 3864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:19:29.0640 3864 Ftdisk - ok
09:19:29.0718 3864 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
09:19:29.0734 3864 gdrv - ok
09:19:29.0875 3864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:19:29.0875 3864 GEARAspiWDM - ok
09:19:29.0968 3864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:19:29.0984 3864 Gpc - ok
09:19:30.0109 3864 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:19:30.0125 3864 gupdate - ok
09:19:30.0140 3864 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:19:30.0140 3864 gupdatem - ok
09:19:30.0312 3864 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:19:30.0312 3864 HDAudBus - ok
09:19:30.0390 3864 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:19:30.0390 3864 helpsvc - ok
09:19:30.0500 3864 HidServ - ok
09:19:30.0593 3864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:19:30.0609 3864 HidUsb - ok
09:19:30.0718 3864 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:19:30.0734 3864 hkmsvc - ok
09:19:30.0796 3864 hpn - ok
09:19:30.0937 3864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:19:30.0953 3864 HTTP - ok
09:19:31.0031 3864 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:19:31.0062 3864 HTTPFilter - ok
09:19:31.0187 3864 i2omgmt - ok
09:19:31.0265 3864 i2omp - ok
09:19:31.0375 3864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:19:31.0375 3864 i8042prt - ok
09:19:31.0468 3864 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:19:31.0484 3864 IDriverT - ok
09:19:31.0734 3864 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:19:31.0890 3864 idsvc - ok
09:19:32.0062 3864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:19:32.0078 3864 Imapi - ok
09:19:32.0187 3864 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:19:32.0187 3864 ImapiService - ok
09:19:32.0250 3864 ini910u - ok
09:19:32.0781 3864 IntcAzAudAddService (8c65fcf7ab3389e7c224ea2ec4456f2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:19:32.0796 3864 IntcAzAudAddService - ok
09:19:32.0890 3864 IntelIde - ok
09:19:32.0984 3864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:19:32.0984 3864 Ip6Fw - ok
09:19:33.0109 3864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:19:33.0109 3864 IpFilterDriver - ok
09:19:33.0171 3864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:19:33.0171 3864 IpInIp - ok
09:19:33.0265 3864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:19:33.0281 3864 IpNat - ok
09:19:33.0484 3864 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
09:19:33.0484 3864 iPod Service - ok
09:19:33.0656 3864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:19:33.0656 3864 IPSec - ok
09:19:33.0796 3864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:19:33.0796 3864 IRENUM - ok
09:19:33.0890 3864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:19:33.0890 3864 isapnp - ok
09:19:34.0046 3864 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:19:34.0046 3864 JavaQuickStarterService - ok
09:19:34.0218 3864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:19:34.0234 3864 Kbdclass - ok
09:19:34.0343 3864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:19:34.0343 3864 kmixer - ok
09:19:34.0484 3864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:19:34.0484 3864 KSecDD - ok
09:19:34.0593 3864 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:19:34.0593 3864 lanmanserver - ok
09:19:34.0734 3864 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:19:34.0781 3864 lanmanworkstation - ok
09:19:34.0906 3864 lbrtfdc - ok
09:19:35.0031 3864 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:19:35.0031 3864 LmHosts - ok
09:19:35.0125 3864 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
09:19:35.0125 3864 MBAMProtector - ok
09:19:35.0281 3864 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:19:35.0281 3864 MBAMService - ok
09:19:35.0421 3864 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:19:35.0421 3864 Messenger - ok
09:19:35.0546 3864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:19:35.0546 3864 mnmdd - ok
09:19:35.0656 3864 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:19:35.0656 3864 mnmsrvc - ok
09:19:35.0781 3864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:19:35.0781 3864 Modem - ok
09:19:35.0890 3864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:19:35.0890 3864 Mouclass - ok
09:19:36.0031 3864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:19:36.0031 3864 mouhid - ok
09:19:36.0140 3864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:19:36.0140 3864 MountMgr - ok
09:19:36.0203 3864 mraid35x - ok
09:19:36.0296 3864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:19:36.0312 3864 MRxDAV - ok
09:19:36.0453 3864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:19:36.0484 3864 MRxSmb - ok
09:19:36.0578 3864 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:19:36.0578 3864 MSDTC - ok
09:19:36.0656 3864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:19:36.0656 3864 Msfs - ok
09:19:36.0750 3864 MSIServer - ok
09:19:36.0828 3864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:19:36.0843 3864 MSKSSRV - ok
09:19:36.0906 3864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:19:36.0906 3864 MSPCLOCK - ok
09:19:36.0968 3864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:19:36.0968 3864 MSPQM - ok
09:19:37.0078 3864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:19:37.0078 3864 mssmbios - ok
09:19:37.0156 3864 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:19:37.0171 3864 MSTEE - ok
09:19:37.0265 3864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:19:37.0265 3864 Mup - ok
09:19:37.0375 3864 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:19:37.0390 3864 NABTSFEC - ok
09:19:37.0515 3864 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:19:37.0531 3864 napagent - ok
09:19:37.0625 3864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:19:37.0640 3864 NDIS - ok
09:19:37.0750 3864 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:19:37.0750 3864 NdisIP - ok
09:19:37.0843 3864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:19:37.0843 3864 NdisTapi - ok
09:19:37.0921 3864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:19:37.0921 3864 Ndisuio - ok
09:19:38.0000 3864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:19:38.0015 3864 NdisWan - ok
09:19:38.0109 3864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:19:38.0109 3864 NDProxy - ok
09:19:38.0218 3864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:19:38.0218 3864 NetBIOS - ok
09:19:38.0312 3864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:19:38.0328 3864 NetBT - ok
09:19:38.0421 3864 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:19:38.0437 3864 NetDDE - ok
09:19:38.0453 3864 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:19:38.0453 3864 NetDDEdsdm - ok
09:19:38.0546 3864 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:38.0546 3864 Netlogon - ok
09:19:38.0640 3864 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:19:38.0640 3864 Netman - ok
09:19:38.0781 3864 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:19:38.0796 3864 NetTcpPortSharing - ok
09:19:38.0921 3864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:19:38.0937 3864 NIC1394 - ok
09:19:39.0062 3864 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:19:39.0062 3864 Nla - ok
09:19:39.0156 3864 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:19:39.0156 3864 nosGetPlusHelper - ok
09:19:39.0312 3864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:19:39.0312 3864 Npfs - ok
09:19:39.0453 3864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:19:39.0500 3864 Ntfs - ok
09:19:39.0593 3864 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:39.0593 3864 NtLmSsp - ok
09:19:39.0703 3864 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:19:39.0781 3864 NtmsSvc - ok
09:19:39.0890 3864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:19:39.0890 3864 Null - ok
09:19:39.0968 3864 NVENETFD (982702a22349c2b31f7dcef62241058f) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:19:39.0984 3864 NVENETFD - ok
09:19:40.0062 3864 nvnetbus (bc0f2c4ed9d6da9a2519c55af7d4fc60) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:19:40.0062 3864 nvnetbus - ok
09:19:40.0140 3864 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
09:19:40.0140 3864 NVSvc - ok
09:19:40.0250 3864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:19:40.0250 3864 NwlnkFlt - ok
09:19:40.0312 3864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:19:40.0328 3864 NwlnkFwd - ok
09:19:40.0421 3864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:19:40.0437 3864 ohci1394 - ok
09:19:40.0531 3864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:19:40.0531 3864 Parport - ok
09:19:40.0609 3864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:19:40.0609 3864 PartMgr - ok
09:19:40.0671 3864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:19:40.0671 3864 ParVdm - ok
09:19:40.0812 3864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:19:40.0828 3864 PCI - ok
09:19:40.0890 3864 PCIDump - ok
09:19:40.0953 3864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:19:40.0968 3864 PCIIde - ok
09:19:41.0062 3864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:19:41.0078 3864 Pcmcia - ok
09:19:41.0140 3864 PDCOMP - ok
09:19:41.0218 3864 PDFRAME - ok
09:19:41.0281 3864 PDRELI - ok
09:19:41.0343 3864 PDRFRAME - ok
09:19:41.0421 3864 perc2 - ok
09:19:41.0484 3864 perc2hib - ok
09:19:41.0609 3864 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:19:41.0609 3864 PlugPlay - ok
09:19:41.0687 3864 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:41.0687 3864 PolicyAgent - ok
09:19:41.0828 3864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:19:41.0828 3864 PptpMiniport - ok
09:19:41.0906 3864 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:19:41.0906 3864 Processor - ok
09:19:41.0984 3864 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:41.0984 3864 ProtectedStorage - ok
09:19:42.0078 3864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:19:42.0078 3864 PSched - ok
09:19:42.0281 3864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:19:42.0281 3864 Ptilink - ok
09:19:42.0343 3864 ql1080 - ok
09:19:42.0421 3864 Ql10wnt - ok
09:19:42.0484 3864 ql12160 - ok
09:19:42.0546 3864 ql1240 - ok
09:19:42.0671 3864 ql1280 - ok
09:19:42.0812 3864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:19:42.0812 3864 RasAcd - ok
09:19:42.0921 3864 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:19:42.0921 3864 RasAuto - ok
09:19:43.0015 3864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:19:43.0015 3864 Rasl2tp - ok
09:19:43.0125 3864 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:19:43.0125 3864 RasMan - ok
09:19:43.0218 3864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:19:43.0218 3864 RasPppoe - ok
09:19:43.0296 3864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:19:43.0296 3864 Raspti - ok
09:19:43.0421 3864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:19:43.0437 3864 Rdbss - ok
09:19:43.0500 3864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:19:43.0500 3864 RDPCDD - ok
09:19:43.0609 3864 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:19:43.0609 3864 RDPWD - ok
09:19:43.0765 3864 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:19:43.0765 3864 RDSessMgr - ok
09:19:43.0875 3864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:19:43.0875 3864 redbook - ok
09:19:43.0968 3864 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:19:43.0984 3864 RemoteAccess - ok
09:19:44.0062 3864 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
09:19:44.0062 3864 Revoflt - ok
09:19:44.0171 3864 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:19:44.0171 3864 RpcLocator - ok
09:19:44.0296 3864 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:19:44.0296 3864 RpcSs - ok
09:19:44.0406 3864 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:19:44.0421 3864 RSVP - ok
09:19:44.0500 3864 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:44.0500 3864 SamSs - ok
09:19:44.0578 3864 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:19:44.0593 3864 SCardSvr - ok
09:19:44.0687 3864 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:19:44.0703 3864 Schedule - ok
09:19:44.0812 3864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:19:44.0828 3864 Secdrv - ok
09:19:44.0906 3864 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:19:44.0906 3864 seclogon - ok
09:19:44.0968 3864 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:19:44.0968 3864 SENS - ok
09:19:45.0078 3864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:19:45.0078 3864 serenum - ok
09:19:45.0156 3864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:19:45.0171 3864 Serial - ok
09:19:45.0265 3864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:19:45.0265 3864 Sfloppy - ok
09:19:45.0375 3864 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:19:45.0406 3864 SharedAccess - ok
09:19:45.0515 3864 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:45.0515 3864 ShellHWDetection - ok
09:19:45.0593 3864 Simbad - ok
09:19:45.0671 3864 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:19:45.0671 3864 SLIP - ok
09:19:45.0781 3864 Sparrow - ok
09:19:45.0859 3864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:19:45.0859 3864 splitter - ok
09:19:45.0953 3864 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:19:45.0953 3864 Spooler - ok
09:19:46.0062 3864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:19:46.0078 3864 sr - ok
09:19:46.0187 3864 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:19:46.0203 3864 srservice - ok
09:19:46.0328 3864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:19:46.0359 3864 Srv - ok
09:19:46.0453 3864 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:19:46.0453 3864 SSDPSRV - ok
09:19:46.0562 3864 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:19:46.0593 3864 stisvc - ok
09:19:46.0687 3864 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:19:46.0687 3864 streamip - ok
09:19:46.0796 3864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:19:46.0796 3864 swenum - ok
09:19:46.0875 3864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:19:46.0890 3864 swmidi - ok
09:19:46.0953 3864 SwPrv - ok
09:19:47.0015 3864 symc810 - ok
09:19:47.0078 3864 symc8xx - ok
09:19:47.0156 3864 sym_hi - ok
09:19:47.0218 3864 sym_u3 - ok
09:19:47.0296 3864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:19:47.0296 3864 sysaudio - ok
09:19:47.0406 3864 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:19:47.0406 3864 SysmonLog - ok
09:19:47.0500 3864 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:19:47.0500 3864 TapiSrv - ok
09:19:47.0625 3864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:19:47.0656 3864 Tcpip - ok
09:19:47.0781 3864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:19:47.0781 3864 TDPIPE - ok
09:19:47.0875 3864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:19:47.0875 3864 TDTCP - ok
09:19:47.0968 3864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:19:47.0968 3864 TermDD - ok
09:19:48.0093 3864 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:19:48.0093 3864 TermService - ok
09:19:48.0203 3864 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:48.0203 3864 Themes - ok
09:19:48.0281 3864 TosIde - ok
09:19:48.0359 3864 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:19:48.0375 3864 TrkWks - ok
09:19:48.0484 3864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:19:48.0484 3864 Udfs - ok
09:19:48.0546 3864 ultra - ok
09:19:48.0671 3864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:19:48.0703 3864 Update - ok
09:19:48.0828 3864 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:19:48.0843 3864 upnphost - ok
09:19:48.0921 3864 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:19:48.0921 3864 UPS - ok
09:19:49.0031 3864 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:19:49.0031 3864 USBAAPL - ok
09:19:49.0140 3864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:19:49.0140 3864 usbccgp - ok
09:19:49.0250 3864 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:19:49.0250 3864 usbehci - ok
09:19:49.0359 3864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:19:49.0359 3864 usbhub - ok
09:19:49.0437 3864 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:19:49.0437 3864 usbohci - ok
09:19:49.0515 3864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:19:49.0531 3864 usbprint - ok
09:19:49.0625 3864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:19:49.0625 3864 usbscan - ok
09:19:49.0734 3864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:19:49.0750 3864 USBSTOR - ok
09:19:49.0859 3864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:19:49.0859 3864 VgaSave - ok
09:19:49.0921 3864 ViaIde - ok
09:19:50.0015 3864 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
09:19:50.0015 3864 Video3D - ok
09:19:50.0125 3864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:19:50.0125 3864 VolSnap - ok
09:19:50.0250 3864 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:19:50.0281 3864 VSS - ok
09:19:50.0359 3864 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:19:50.0375 3864 W32Time - ok
09:19:50.0484 3864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:19:50.0500 3864 Wanarp - ok
09:19:50.0562 3864 WDICA - ok
09:19:50.0640 3864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:19:50.0640 3864 wdmaud - ok
09:19:50.0781 3864 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:19:50.0781 3864 WebClient - ok
09:19:50.0890 3864 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:19:50.0906 3864 winmgmt - ok
09:19:51.0031 3864 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
09:19:51.0062 3864 WLSetupSvc - ok
09:19:51.0218 3864 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:19:51.0218 3864 WmdmPmSN - ok
09:19:51.0359 3864 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:19:51.0375 3864 WmiApSrv - ok
09:19:51.0546 3864 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:19:51.0656 3864 WMPNetworkSvc - ok
09:19:51.0875 3864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:19:51.0890 3864 WS2IFSL - ok
09:19:51.0984 3864 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:19:52.0031 3864 wscsvc - ok
09:19:52.0171 3864 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:19:52.0171 3864 WSTCODEC - ok
09:19:52.0281 3864 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:19:52.0281 3864 wuauserv - ok
09:19:52.0390 3864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:19:52.0406 3864 WudfPf - ok
09:19:52.0484 3864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:19:52.0484 3864 WudfRd - ok
09:19:52.0562 3864 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:19:52.0578 3864 WudfSvc - ok
09:19:52.0765 3864 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:19:52.0765 3864 WZCSVC - ok
09:19:52.0906 3864 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:19:52.0921 3864 xmlprov - ok
09:19:53.0000 3864 yewucpc - ok
09:19:53.0015 3864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:19:53.0171 3864 \Device\Harddisk0\DR0 - ok
09:19:53.0203 3864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:19:53.0328 3864 \Device\Harddisk1\DR1 - ok
09:19:53.0343 3864 Boot (0x1200) (e5085950e0e361502a4c028ba3602972) \Device\Harddisk0\DR0\Partition0
09:19:53.0343 3864 \Device\Harddisk0\DR0\Partition0 - ok
09:19:53.0343 3864 Boot (0x1200) (d82ba361deb4f2b92a4504fceb56ac4d) \Device\Harddisk1\DR1\Partition0
09:19:53.0343 3864 \Device\Harddisk1\DR1\Partition0 - ok
09:19:53.0343 3864 ============================================================
09:19:53.0343 3864 Scan finished
09:19:53.0343 3864 ============================================================
09:19:53.0359 0808 Detected object count: 1
09:19:53.0359 0808 Actual detected object count: 1
09:20:00.0781 0808 C:\WINDOWS\System32\Drivers\avgtdix.sys - copied to quarantine
09:20:00.0875 0808 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\avgtdix.sys) error 1813
09:20:01.0375 0808 Backup copy not found, trying to cure infected file..
09:20:01.0375 0808 C:\WINDOWS\System32\Drivers\avgtdix.sys - Cure failed (FFFFFFFF)
09:20:01.0375 0808 C:\WINDOWS\System32\Drivers\avgtdix.sys - processing error
09:20:08.0015 0808 AvgTdiX ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:20:12.0562 2952 Deinitialize success

#6 ratman

  • Malware Response Team

Posted 15 April 2012 - 07:24 AM

Hello j ryan,

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vojkivq.sys -- (yewucpc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER1~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\USER1~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2010/07/17 10:42:29 | 000,243,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys
    
    :File
    C:\WINDOWS\system32\drivers\avgtdix.sys
    
    :Commands
    [EMPTYTEMP]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.



In your next reply, please copy/paste the contents of the following:
  • OTL Report

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#7 j ryan

  • Topic Starter


Posted 15 April 2012 - 05:26 PM

Hi, have tried to run the above fix a couple of times now. Each time it comes up with a 'Killing processes, do not interrupt' message. Each time I've left it to run for over an hour and it does not progress past there, seems to just freeze and not go any further. Any ideas?

edit: even left it running for over 8 hours while I was at work today and it did not progress any further.

Edited by j ryan, 16 April 2012 - 02:39 AM.


#8 ratman

  • Malware Response Team

Posted 18 April 2012 - 07:52 AM

Hello j ryan,

We need to run an OTL Custom Scan.

  • Please download OTL from the following mirror and save it to your desktop:

    This is THE Mirror
  • Double click on the OTL icon on your desktop.
  • Copy and Paste all of the following code into the Custom Scans/Fixes textbox.
    NetSvcs
  • Push Quick Scan
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
====================================================================================

In your next reply, please copy/paste the contents of the following:
  • OTL Report

regards, ratman




#9 j ryan

  • Topic Starter


Posted 18 April 2012 - 04:33 PM

OTL logfile created on: 19/04/2012 7:26:50 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\User 1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.26% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 141.88 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 135.86 Gb Free Space | 72.92% Space Free | Partition Type: NTFS

Computer Name: JD | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 08:28:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 04:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/12 10:03:40 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/04 01:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/15 11:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/04/14 10:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 10:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 10:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 10:03:40 | 000,761,856 | ---- | M] () -- C:\Program Files\ASUS\GamerOSD\ImageTransform.dll
MOD - [2004/08/04 22:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/07/12 16:30:42 | 000,257,024 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vojkivq.sys -- (yewucpc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER1~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/17 10:42:29 | 000,243,024 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 10:41:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 15:16:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/02 14:09:20 | 004,486,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/19 22:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/08 19:02:02 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/09/05 19:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/12 10:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/07/12 10:03:40 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/07/12 10:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/07/12 10:03:38 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/06/28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/06/28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 06:31:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/15 09:09:11 | 000,000,000 | ---D | M]

[2009/02/19 18:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Extensions
[2012/04/14 12:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\extensions
[2010/12/11 09:09:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/14 12:13:35 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/04 22:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/04 22:39:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/04 22:39:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2012/04/04 22:39:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/03/05 07:19:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: select2perform.com.au ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com.au/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3184E631-7FE7-4CB3-99A6-2EFF93589070}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - http://l.yimg.com/us.js.yimg.com/lib/pim/r/medici/16_11/mail/mailcommonlib.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 18:35:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/07 14:23:27 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 08:28:04 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
[2012/04/16 07:41:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 09:10:17 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/04/15 08:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Start Menu\Programs\Revo Uninstaller
[2012/04/15 08:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/04/15 08:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/15 08:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Desktop\Party Muzic #2
[2012/04/14 15:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Desktop\PARTY MUZIK
[2012/04/14 12:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/04/14 12:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Local Settings\Application Data\uTorrentControl2
[2012/04/14 12:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Local Settings\Application Data\Conduit
[2012/04/14 12:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl2
[2012/04/14 12:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/14 12:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Application Data\uTorrent
[2012/04/14 12:12:24 | 000,879,984 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\User 1\Desktop\uTorrent.exe
[2012/04/12 13:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/05 00:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\User 1\Desktop\dds.scr
[2012/04/05 00:09:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\TFC.exe
[2012/04/05 00:07:40 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\User 1\Desktop\FixZeroAccess.exe
[2012/04/04 23:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/04 23:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/04/04 23:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/04/04 23:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Application Data\WinPatrol
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/04/04 23:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/04/04 23:42:49 | 000,840,264 | ---- | C] (BillP Studios) -- C:\Documents and Settings\User 1\Desktop\wpsetup.exe
[2012/04/04 23:39:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User 1\Recent
[2012/04/04 23:39:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/04 23:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/04/04 23:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/04 22:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/04 22:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/04 22:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Start Menu\Programs\HiJackThis
[2012/04/04 22:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/04 22:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/04 22:08:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 22:08:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 22:08:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 22:08:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 22:07:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 22:01:52 | 004,455,902 | R--- | C] (Swearware) -- C:\Documents and Settings\User 1\Desktop\ComboFix.exe
[2012/04/04 21:55:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/04 21:53:38 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User 1\Desktop\TDSSKiller.exe
[2012/04/04 21:40:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User 1\Desktop\aswMBR.exe
[2012/04/04 15:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User 1\Desktop\New Folder (4)
[2012/03/25 07:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\TimeLineRemove
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 07:13:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 07:13:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/18 18:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 17:59:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 06:58:00 | 000,009,148 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\flash bance YFP2N.jpg
[2012/04/17 06:43:57 | 000,007,202 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\NELN7.jpg
[2012/04/16 08:28:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\OTL.exe
[2012/04/15 09:10:17 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/04/15 08:56:54 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\Revo Uninstaller.lnk
[2012/04/15 08:48:26 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/14 12:12:32 | 000,879,984 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\User 1\Desktop\uTorrent.exe
[2012/04/14 05:25:44 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-441V6.exe
[2012/04/14 05:25:44 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-441V6.msg
[2012/04/14 05:25:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 05:25:44 | 000,000,479 | ---- | M] () -- C:\WINDOWS\is-441V6.lst
[2012/04/12 14:55:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 14:53:08 | 000,514,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 14:53:08 | 000,086,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 13:25:35 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User 1\Desktop\TDSSKiller.exe
[2012/04/05 09:17:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User 1\defogger_reenable
[2012/04/05 00:32:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\User 1\Desktop\dds.scr
[2012/04/05 00:09:53 | 000,980,480 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\MicrosoftFixit50267.msi
[2012/04/05 00:09:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 1\Desktop\TFC.exe
[2012/04/05 00:07:46 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\User 1\Desktop\FixZeroAccess.exe
[2012/04/05 00:01:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\iw8tdboi.exe
[2012/04/04 23:58:46 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\SpywareBlaster.lnk
[2012/04/04 23:58:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\User 1\My Documents\y8hcbdeq.exe
[2012/04/04 23:42:56 | 000,840,264 | ---- | M] (BillP Studios) -- C:\Documents and Settings\User 1\Desktop\wpsetup.exe
[2012/04/04 23:38:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/04 22:58:46 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\HiJackThis.lnk
[2012/04/04 22:47:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/04 22:01:52 | 004,455,902 | R--- | M] (Swearware) -- C:\Documents and Settings\User 1\Desktop\ComboFix.exe
[2012/04/04 21:47:13 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 21:41:39 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\SecurityCheck.exe
[2012/04/04 21:40:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User 1\Desktop\aswMBR.exe
[2012/04/04 21:39:51 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\FSS.exe
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 10:02:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/27 14:24:42 | 000,070,948 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0057.jpg
[2012/03/27 12:27:34 | 000,109,409 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0053.jpg
[2012/03/27 12:27:01 | 000,077,535 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0055.jpg
[2012/03/21 06:14:35 | 000,038,873 | ---- | M] () -- C:\Documents and Settings\User 1\Desktop\IMG_0050.jpg
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 06:58:24 | 000,009,148 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\flash bance YFP2N.jpg
[2012/04/17 06:44:26 | 000,007,202 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\NELN7.jpg
[2012/04/15 09:10:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/04/15 08:56:54 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\Revo Uninstaller.lnk
[2012/04/15 08:48:26 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/14 05:25:44 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-441V6.exe
[2012/04/14 05:25:44 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-441V6.msg
[2012/04/14 05:25:44 | 000,000,479 | ---- | C] () -- C:\WINDOWS\is-441V6.lst
[2012/04/12 14:55:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 09:17:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User 1\defogger_reenable
[2012/04/05 00:09:51 | 000,980,480 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\MicrosoftFixit50267.msi
[2012/04/05 00:01:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\iw8tdboi.exe
[2012/04/04 23:58:46 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\SpywareBlaster.lnk
[2012/04/04 23:58:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User 1\My Documents\y8hcbdeq.exe
[2012/04/04 23:38:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/04 22:47:08 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 22:47:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/04 22:42:33 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\HiJackThis.lnk
[2012/04/04 22:08:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 22:08:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 22:08:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 22:08:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 22:08:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 21:41:34 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\SecurityCheck.exe
[2012/04/04 21:39:48 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\FSS.exe
[2012/03/27 14:18:51 | 000,070,948 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0057.jpg
[2012/03/27 12:24:48 | 000,077,535 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0055.jpg
[2012/03/27 12:24:35 | 000,109,409 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0053.jpg
[2012/03/21 06:12:23 | 000,038,873 | ---- | C] () -- C:\Documents and Settings\User 1\Desktop\IMG_0050.jpg
[2012/02/15 19:04:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/08 19:19:45 | 000,018,131 | ---- | C] () -- C:\Documents and Settings\User 1\Application Data\C46E.0DB
[2010/11/18 19:28:57 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/17 15:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/11/17 15:03:42 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/17 15:03:42 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/17 15:03:42 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/09 16:24:01 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/09 16:23:59 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/09 16:23:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/09 16:23:46 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/10 18:08:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2010/11/18 19:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/11/18 19:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/14 22:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/18 18:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/04/04 23:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/14 23:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/01/21 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/15 09:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/04/15 17:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2012/04/04 23:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/24 08:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/25 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/20 21:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\.bittorrent
[2010/11/18 18:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\Bump Technologies, Inc
[2009/11/08 14:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/30 19:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\dBpoweramp
[2011/02/08 20:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\FMZilla
[2008/11/14 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\MSNInstaller
[2009/01/21 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\NCH Swift Sound
[2012/04/14 17:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\uTorrent
[2012/04/04 23:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User 1\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:01:05 PM

Posted 19 April 2012 - 06:41 PM

Hi,

I'd like you to run another scan with ComboFix please.

Copy/paste log in your next reply.

How is your machine behaving now?
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#11 j ryan


Posted 20 April 2012 - 08:26 AM

Computer shows no obvious signs of infection. Here is the log:


ComboFix 12-04-20.02 - User 1 20/04/2012 23:11:57.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2046.1667 [GMT 10:00]
Running from: c:\documents and settings\User 1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-15 21:41 . 2012-04-15 21:41 -------- d-----w- C:\_OTL
2012-04-14 23:10 . 2009-12-30 00:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-04-14 22:47 . 2012-04-14 22:47 -------- d-----w- c:\program files\iPod
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\program files\Conduit
2012-04-14 02:13 . 2012-04-14 02:14 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\uTorrentControl2
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\Conduit
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\program files\uTorrent
2012-04-14 02:12 . 2012-04-14 07:36 -------- d-----w- c:\documents and settings\User 1\Application Data\uTorrent
2012-04-13 19:25 . 2012-04-13 19:25 711240 ----a-w- c:\windows\is-441V6.exe
2012-04-04 13:58 . 2012-04-04 14:00 -------- d-----w- c:\program files\SpywareBlaster
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\documents and settings\User 1\Application Data\WinPatrol
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\program files\BillP Studios
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-04-04 13:38 . 2012-04-04 13:38 -------- d-----w- c:\program files\CCleaner
2012-04-04 12:46 . 2012-04-14 23:08 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-04 12:42 . 2012-04-04 12:42 388096 ----a-r- c:\documents and settings\User 1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 12:42 . 2012-04-04 12:42 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:39 . 2012-04-04 12:39 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 12:39 . 2012-04-04 12:39 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-04 12:39 . 2012-04-04 12:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 12:39 . 2012-04-04 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 11:55 . 2012-04-14 23:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-24 21:09 . 2012-03-25 22:08 -------- d-----w- c:\program files\TimeLineRemove
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2009-06-04 05:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 00:01 . 2009-12-25 02:43 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01 . 2008-11-12 10:21 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-04 01:18 . 2012-02-04 01:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2005-03-31 12:17 . 2008-02-08 09:06 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_12.22.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 13:11 . 2012-04-20 13:11 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2004-08-04 12:00 . 2012-04-12 04:53 86740 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 08:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 08:54 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
- 2009-06-24 03:03 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-24 03:03 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-02-18 08:43 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-02-18 08:43 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-15 11:08 . 2012-02-15 11:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-15 11:08 . 2012-02-15 11:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2012-04-12 04:53 514064 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2007-08-13 08:54 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 08:54 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2012-04-04 12:39 . 2012-04-04 12:39 157472 c:\windows\system32\javaws.exe
+ 2012-04-04 12:39 . 2012-04-04 12:39 149280 c:\windows\system32\javaw.exe
+ 2012-04-04 12:39 . 2012-04-04 12:39 149280 c:\windows\system32\java.exe
- 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-02-18 08:43 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-02-18 08:43 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2009-06-24 03:03 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-24 03:03 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 22:52 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 22:52 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-01-30 17:38 . 2012-01-30 17:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-02-02 13:56 . 2012-02-02 13:56 963584 c:\windows\Installer\4c6f58.msp
+ 2012-04-04 12:39 . 2012-04-04 12:39 203776 c:\windows\Installer\12c28e.msi
+ 2012-04-04 12:39 . 2012-04-04 12:39 901120 c:\windows\Installer\12c27e.msi
+ 2012-04-14 22:48 . 2012-04-14 22:48 380928 c:\windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}\iTunesIco.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-12 04:55 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-12 04:55 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-12 04:55 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-12 04:55 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-12 04:56 . 2012-04-12 04:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-12 04:55 . 2012-04-12 04:55 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
- 2007-08-13 08:34 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2007-08-13 08:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2008-02-18 08:43 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-02-18 08:43 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-04-14 22:48 . 2012-04-14 22:48 4288000 c:\windows\Installer\537397.msi
+ 2012-04-14 22:46 . 2012-04-14 22:46 1530368 c:\windows\Installer\53738b.msi
+ 2012-04-04 12:47 . 2012-04-04 12:47 2295808 c:\windows\Installer\12c362.msi
+ 2012-04-04 12:42 . 2012-04-04 12:42 1094656 c:\windows\Installer\12c292.msi
+ 2011-06-06 02:55 . 2011-06-06 02:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 02:55 . 2011-06-06 02:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 02:55 . 2011-06-06 02:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 02:55 . 2011-06-06 02:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-12 04:55 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-12 04:55 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-04-12 04:55 . 2012-04-12 04:55 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
+ 2012-04-12 04:55 . 2012-04-12 04:55 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-04-12 04:54 . 2012-04-12 04:54 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
+ 2012-04-12 04:54 . 2012-04-12 04:54 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-13 00:30 . 2012-04-13 00:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-15 11:08 . 2012-02-15 11:08 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-12 04:52 . 2012-04-12 04:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-02-11 22:18 . 2012-04-12 04:48 55154568 c:\windows\system32\MRT.exe
+ 2007-08-13 08:54 . 2012-03-01 20:01 11082752 c:\windows\system32\ieframe.dll
+ 2008-02-18 08:43 . 2012-03-01 20:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\6095dd.msp
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\12c363.msp
+ 2011-06-06 02:55 . 2011-06-06 02:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2012-04-12 04:55 . 2011-12-18 03:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-04-12 04:55 . 2012-04-12 04:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-13 00:31 . 2012-04-13 00:31 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-12 04:55 . 2012-04-12 04:55 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-12 04:54 . 2012-04-12 04:54 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-12 04:54 . 2012-04-12 04:54 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-01 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 00:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User 1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/06/2009 3:45 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/06/2009 3:45 PM 22344]
S0 yewucpc;yewucpc;c:\windows\system32\drivers\vojkivq.sys --> c:\windows\system32\drivers\vojkivq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 10:00 PM 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15/04/2012 9:10 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://ninemsn.com.au
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: select2perform.com.au
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61333
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-69078788.sys
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 23:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-04-20 23:21:40
ComboFix-quarantined-files.txt 2012-04-20 13:21
ComboFix2.txt 2012-04-04 13:32
ComboFix3.txt 2012-04-04 12:24
.
Pre-Run: 152,595,226,624 bytes free
Post-Run: 152,661,504,000 bytes free
.
- - End Of File - - F68DB270B93C44549360D99B30CBD4E2

#12 ratman


Posted 21 April 2012 - 09:56 AM

Hello j ryan,

I need you to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\vojkivq.sys

Driver::
yewucpc

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==============================================================================

Please run another scan with TDSSKiller and copy/paste its log in your next reply.

==============================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\ComboFix.txt
  • TDSSKiller Log
How is your machine running now?

regards, ratman




#13 j ryan


Posted 21 April 2012 - 08:17 PM

ComboFix 12-04-20.02 - User 1 22/04/2012 10:01:10.13.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2046.1666 [GMT 10:00]
Running from: c:\documents and settings\User 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User 1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\vojkivq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_yewucpc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-15 21:41 . 2012-04-15 21:41 -------- d-----w- C:\_OTL
2012-04-14 23:10 . 2009-12-30 00:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-04-14 22:47 . 2012-04-14 22:47 -------- d-----w- c:\program files\iPod
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\program files\Conduit
2012-04-14 02:13 . 2012-04-14 02:14 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\uTorrentControl2
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\documents and settings\User 1\Local Settings\Application Data\Conduit
2012-04-14 02:13 . 2012-04-14 02:13 -------- d-----w- c:\program files\uTorrent
2012-04-14 02:12 . 2012-04-20 13:29 -------- d-----w- c:\documents and settings\User 1\Application Data\uTorrent
2012-04-13 19:25 . 2012-04-13 19:25 711240 ----a-w- c:\windows\is-441V6.exe
2012-04-04 13:58 . 2012-04-04 14:00 -------- d-----w- c:\program files\SpywareBlaster
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\documents and settings\User 1\Application Data\WinPatrol
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\program files\BillP Studios
2012-04-04 13:43 . 2012-04-04 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-04-04 13:38 . 2012-04-04 13:38 -------- d-----w- c:\program files\CCleaner
2012-04-04 12:46 . 2012-04-14 23:08 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-04 12:42 . 2012-04-04 12:42 388096 ----a-r- c:\documents and settings\User 1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 12:42 . 2012-04-04 12:42 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:39 . 2012-04-04 12:39 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 12:39 . 2012-04-04 12:39 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-04 12:39 . 2012-04-04 12:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 12:39 . 2012-04-04 12:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 11:55 . 2012-04-14 23:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-24 21:09 . 2012-03-25 22:08 -------- d-----w- c:\program files\TimeLineRemove
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2009-06-04 05:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 00:01 . 2009-12-25 02:43 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:01 . 2008-11-12 10:21 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-04 01:18 . 2012-02-04 01:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2005-03-31 12:17 . 2008-02-08 09:06 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-20_13.20.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-22 00:11 . 2012-04-22 00:11 16384 c:\windows\Temp\Perflib_Perfdata_3e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-01 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 00:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\User 1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/06/2009 3:45 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/06/2009 3:45 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 5:14 PM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 10:00 PM 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15/04/2012 9:10 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 07:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://ninemsn.com.au
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: select2perform.com.au
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\User 1\Application Data\Mozilla\Firefox\Profiles\397mz4yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61333
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 10:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-22 10:15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 00:15
ComboFix2.txt 2012-04-20 13:21
ComboFix3.txt 2012-04-04 13:32
ComboFix4.txt 2012-04-04 12:24
.
Pre-Run: 152,754,028,544 bytes free
Post-Run: 152,776,568,832 bytes free
.
- - End Of File - - 58B641E37D6BA16F988FEE099F69D674

11:19:10.0562 3808 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
11:19:11.0484 3808 ============================================================
11:19:11.0484 3808 Current date / time: 2012/04/22 11:19:11.0484
11:19:11.0484 3808 SystemInfo:
11:19:11.0484 3808
11:19:11.0484 3808 OS Version: 5.1.2600 ServicePack: 3.0
11:19:11.0484 3808 Product type: Workstation
11:19:11.0484 3808 ComputerName: JD
11:19:11.0484 3808 UserName: User 1
11:19:11.0484 3808 Windows directory: C:\WINDOWS
11:19:11.0484 3808 System windows directory: C:\WINDOWS
11:19:11.0484 3808 Processor architecture: Intel x86
11:19:11.0484 3808 Number of processors: 2
11:19:11.0484 3808 Page size: 0x1000
11:19:11.0484 3808 Boot type: Normal boot
11:19:11.0484 3808 ============================================================
11:19:14.0171 3808 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:19:14.0187 3808 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:19:14.0187 3808 \Device\Harddisk0\DR0:
11:19:14.0187 3808 MBR partitions:
11:19:14.0187 3808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
11:19:14.0187 3808 \Device\Harddisk1\DR1:
11:19:14.0187 3808 MBR partitions:
11:19:14.0187 3808 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
11:19:14.0218 3808 C: <-> \Device\Harddisk1\DR1\Partition0
11:19:14.0218 3808 E: <-> \Device\Harddisk0\DR0\Partition0
11:19:14.0218 3808 Initialize success
11:19:14.0218 3808 ============================================================
11:19:16.0750 0556 ============================================================
11:19:16.0750 0556 Scan started
11:19:16.0750 0556 Mode: Manual;
11:19:16.0750 0556 ============================================================
11:19:24.0593 0556 dmboot - ok
11:19:24.0765 0556 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:19:24.0781 0556 dmio - ok
11:19:24.0875 0556 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:19:24.0875 0556 dmload - ok
11:19:24.0953 0556 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:19:24.0953 0556 dmserver - ok
11:19:25.0046 0556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:19:25.0062 0556 DMusic - ok
11:19:25.0171 0556 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:19:25.0171 0556 Dnscache - ok
11:19:25.0265 0556 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:19:25.0281 0556 Dot3svc - ok
11:19:25.0343 0556 dpti2o - ok
11:19:25.0437 0556 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:19:25.0437 0556 drmkaud - ok
11:19:25.0546 0556 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:19:25.0546 0556 EapHost - ok
11:19:25.0671 0556 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
11:19:25.0687 0556 EIO - ok
11:19:25.0796 0556 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:19:25.0796 0556 ERSvc - ok
11:19:25.0890 0556 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:19:25.0890 0556 Eventlog - ok
11:19:26.0031 0556 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:19:26.0031 0556 EventSystem - ok
11:19:26.0140 0556 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:19:26.0156 0556 Fastfat - ok
11:19:26.0250 0556 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:19:26.0250 0556 FastUserSwitchingCompatibility - ok
11:19:26.0328 0556 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:19:26.0328 0556 Fdc - ok
11:19:26.0406 0556 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:19:26.0406 0556 Fips - ok
11:19:26.0484 0556 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:19:26.0484 0556 Flpydisk - ok
11:19:26.0609 0556 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:19:26.0609 0556 FltMgr - ok
11:19:26.0750 0556 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:19:26.0750 0556 FontCache3.0.0.0 - ok
11:19:26.0875 0556 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:19:26.0875 0556 Fs_Rec - ok
11:19:27.0000 0556 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:19:27.0000 0556 Ftdisk - ok
11:19:27.0062 0556 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
11:19:27.0062 0556 gdrv - ok
11:19:27.0203 0556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:19:27.0203 0556 GEARAspiWDM - ok
11:19:27.0312 0556 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:19:27.0312 0556 Gpc - ok
11:19:27.0453 0556 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:19:27.0453 0556 gupdate - ok
11:19:27.0468 0556 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:19:27.0468 0556 gupdatem - ok
11:19:27.0640 0556 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:19:27.0640 0556 HDAudBus - ok
11:19:27.0765 0556 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:19:27.0765 0556 helpsvc - ok
11:19:27.0828 0556 HidServ - ok
11:19:27.0937 0556 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:19:27.0937 0556 HidUsb - ok
11:19:28.0015 0556 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:19:28.0031 0556 hkmsvc - ok
11:19:28.0093 0556 hpn - ok
11:19:28.0218 0556 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:19:28.0234 0556 HTTP - ok
11:19:28.0328 0556 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:19:28.0328 0556 HTTPFilter - ok
11:19:28.0390 0556 i2omgmt - ok
11:19:28.0453 0556 i2omp - ok
11:19:28.0562 0556 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:19:28.0562 0556 i8042prt - ok
11:19:28.0671 0556 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:19:28.0671 0556 IDriverT - ok
11:19:28.0890 0556 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:19:28.0890 0556 idsvc - ok
11:19:29.0031 0556 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:19:29.0031 0556 Imapi - ok
11:19:29.0140 0556 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:19:29.0140 0556 ImapiService - ok
11:19:29.0203 0556 ini910u - ok
11:19:29.0765 0556 IntcAzAudAddService (8c65fcf7ab3389e7c224ea2ec4456f2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:19:29.0781 0556 IntcAzAudAddService - ok
11:19:29.0859 0556 IntelIde - ok
11:19:29.0953 0556 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:19:29.0953 0556 Ip6Fw - ok
11:19:30.0046 0556 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:19:30.0046 0556 IpFilterDriver - ok
11:19:30.0187 0556 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:19:30.0187 0556 IpInIp - ok
11:19:30.0296 0556 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:19:30.0312 0556 IpNat - ok
11:19:30.0453 0556 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
11:19:30.0453 0556 iPod Service - ok
11:19:30.0640 0556 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:19:30.0640 0556 IPSec - ok
11:19:30.0781 0556 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:19:30.0781 0556 IRENUM - ok
11:19:30.0875 0556 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:19:30.0875 0556 isapnp - ok
11:19:31.0000 0556 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:19:31.0000 0556 JavaQuickStarterService - ok
11:19:31.0156 0556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:19:31.0156 0556 Kbdclass - ok
11:19:31.0281 0556 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:19:31.0281 0556 kmixer - ok
11:19:31.0390 0556 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:19:31.0390 0556 KSecDD - ok
11:19:31.0500 0556 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:19:31.0515 0556 lanmanserver - ok
11:19:31.0625 0556 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:19:31.0625 0556 lanmanworkstation - ok
11:19:31.0718 0556 lbrtfdc - ok
11:19:31.0812 0556 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:19:31.0812 0556 LmHosts - ok
11:19:31.0921 0556 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
11:19:31.0921 0556 MBAMProtector - ok
11:19:32.0078 0556 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:19:32.0078 0556 MBAMService - ok
11:19:32.0250 0556 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:19:32.0250 0556 Messenger - ok
11:19:32.0375 0556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:19:32.0375 0556 mnmdd - ok
11:19:32.0468 0556 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:19:32.0468 0556 mnmsrvc - ok
11:19:32.0593 0556 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:19:32.0593 0556 Modem - ok
11:19:32.0750 0556 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:19:32.0750 0556 Mouclass - ok
11:19:32.0875 0556 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:19:32.0875 0556 mouhid - ok
11:19:32.0984 0556 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:19:32.0984 0556 MountMgr - ok
11:19:33.0062 0556 mraid35x - ok
11:19:33.0156 0556 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:19:33.0171 0556 MRxDAV - ok
11:19:33.0312 0556 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:19:33.0343 0556 MRxSmb - ok
11:19:33.0437 0556 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:19:33.0437 0556 MSDTC - ok
11:19:33.0531 0556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:19:33.0531 0556 Msfs - ok
11:19:33.0593 0556 MSIServer - ok
11:19:33.0718 0556 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:19:33.0718 0556 MSKSSRV - ok
11:19:33.0781 0556 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:19:33.0796 0556 MSPCLOCK - ok
11:19:33.0890 0556 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:19:33.0890 0556 MSPQM - ok
11:19:34.0000 0556 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:19:34.0000 0556 mssmbios - ok
11:19:34.0093 0556 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:19:34.0093 0556 MSTEE - ok
11:19:34.0203 0556 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:19:34.0203 0556 Mup - ok
11:19:34.0312 0556 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:19:34.0328 0556 NABTSFEC - ok
11:19:34.0437 0556 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:19:34.0437 0556 napagent - ok
11:19:34.0546 0556 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:19:34.0546 0556 NDIS - ok
11:19:34.0625 0556 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:19:34.0640 0556 NdisIP - ok
11:19:34.0765 0556 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:19:34.0765 0556 NdisTapi - ok
11:19:34.0890 0556 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:19:34.0890 0556 Ndisuio - ok
11:19:34.0968 0556 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:19:34.0984 0556 NdisWan - ok
11:19:35.0109 0556 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:19:35.0109 0556 NDProxy - ok
11:19:35.0218 0556 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:19:35.0218 0556 NetBIOS - ok
11:19:35.0312 0556 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:19:35.0328 0556 NetBT - ok
11:19:35.0437 0556 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:19:35.0437 0556 NetDDE - ok
11:19:35.0453 0556 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:19:35.0453 0556 NetDDEdsdm - ok
11:19:35.0531 0556 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:19:35.0531 0556 Netlogon - ok
11:19:35.0609 0556 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:19:35.0609 0556 Netman - ok
11:19:35.0796 0556 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:19:35.0796 0556 NetTcpPortSharing - ok
11:19:35.0984 0556 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:19:36.0000 0556 NIC1394 - ok
11:19:36.0140 0556 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:19:36.0140 0556 Nla - ok
11:19:36.0218 0556 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
11:19:36.0218 0556 nosGetPlusHelper - ok
11:19:36.0375 0556 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:19:36.0375 0556 Npfs - ok
11:19:36.0515 0556 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:19:36.0515 0556 Ntfs - ok
11:19:36.0656 0556 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:19:36.0656 0556 NtLmSsp - ok
11:19:36.0796 0556 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:19:36.0812 0556 NtmsSvc - ok
11:19:36.0953 0556 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:19:36.0953 0556 Null - ok
11:19:37.0046 0556 NVENETFD (982702a22349c2b31f7dcef62241058f) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:19:37.0046 0556 NVENETFD - ok
11:19:37.0140 0556 nvnetbus (bc0f2c4ed9d6da9a2519c55af7d4fc60) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:19:37.0140 0556 nvnetbus - ok
11:19:37.0234 0556 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
11:19:37.0234 0556 NVSvc - ok
11:19:37.0375 0556 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:19:37.0375 0556 NwlnkFlt - ok
11:19:37.0468 0556 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:19:37.0468 0556 NwlnkFwd - ok
11:19:37.0593 0556 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:19:37.0593 0556 ohci1394 - ok
11:19:37.0734 0556 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:19:37.0734 0556 Parport - ok
11:19:37.0812 0556 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:19:37.0812 0556 PartMgr - ok
11:19:37.0906 0556 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:19:37.0906 0556 ParVdm - ok
11:19:38.0015 0556 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:19:38.0015 0556 PCI - ok
11:19:38.0078 0556 PCIDump - ok
11:19:38.0171 0556 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:19:38.0171 0556 PCIIde - ok
11:19:38.0312 0556 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:19:38.0328 0556 Pcmcia - ok
11:19:38.0390 0556 PDCOMP - ok
11:19:38.0468 0556 PDFRAME - ok
11:19:38.0531 0556 PDRELI - ok
11:19:38.0609 0556 PDRFRAME - ok
11:19:38.0703 0556 perc2 - ok
11:19:38.0781 0556 perc2hib - ok
11:19:38.0890 0556 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:19:38.0890 0556 PlugPlay - ok
11:19:38.0968 0556 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:19:38.0968 0556 PolicyAgent - ok
11:19:39.0062 0556 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:19:39.0062 0556 PptpMiniport - ok
11:19:39.0140 0556 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:19:39.0140 0556 Processor - ok
11:19:39.0218 0556 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:19:39.0218 0556 ProtectedStorage - ok
11:19:39.0328 0556 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:19:39.0328 0556 PSched - ok
11:19:39.0515 0556 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:19:39.0515 0556 Ptilink - ok
11:19:39.0593 0556 ql1080 - ok
11:19:39.0656 0556 Ql10wnt - ok
11:19:39.0765 0556 ql12160 - ok
11:19:39.0828 0556 ql1240 - ok
11:19:39.0906 0556 ql1280 - ok
11:19:40.0000 0556 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:19:40.0000 0556 RasAcd - ok
11:19:40.0078 0556 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:19:40.0093 0556 RasAuto - ok
11:19:40.0171 0556 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:19:40.0187 0556 Rasl2tp - ok
11:19:40.0296 0556 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:19:40.0296 0556 RasMan - ok
11:19:40.0406 0556 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:19:40.0406 0556 RasPppoe - ok
11:19:40.0468 0556 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:19:40.0484 0556 Raspti - ok
11:19:40.0609 0556 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:19:40.0609 0556 Rdbss - ok
11:19:40.0718 0556 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:19:40.0718 0556 RDPCDD - ok
11:19:40.0828 0556 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:19:40.0843 0556 RDPWD - ok
11:19:40.0953 0556 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:19:40.0953 0556 RDSessMgr - ok
11:19:41.0062 0556 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:19:41.0078 0556 redbook - ok
11:19:41.0171 0556 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:19:41.0171 0556 RemoteAccess - ok
11:19:41.0250 0556 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:19:41.0250 0556 Revoflt - ok
11:19:41.0359 0556 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:19:41.0359 0556 RpcLocator - ok
11:19:41.0484 0556 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:19:41.0500 0556 RpcSs - ok
11:19:41.0609 0556 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:19:41.0609 0556 RSVP - ok
11:19:41.0734 0556 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:19:41.0734 0556 SamSs - ok
11:19:41.0828 0556 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:19:41.0828 0556 SCardSvr - ok
11:19:41.0937 0556 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:19:41.0937 0556 Schedule - ok
11:19:42.0031 0556 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:19:42.0031 0556 Secdrv - ok
11:19:42.0125 0556 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:19:42.0125 0556 seclogon - ok
11:19:42.0187 0556 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:19:42.0187 0556 SENS - ok
11:19:42.0281 0556 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:19:42.0296 0556 serenum - ok
11:19:42.0406 0556 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:19:42.0406 0556 Serial - ok
11:19:42.0500 0556 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:19:42.0500 0556 Sfloppy - ok
11:19:42.0625 0556 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:19:42.0625 0556 SharedAccess - ok
11:19:42.0765 0556 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:19:42.0765 0556 ShellHWDetection - ok
11:19:42.0828 0556 Simbad - ok
11:19:42.0921 0556 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:19:42.0921 0556 SLIP - ok
11:19:43.0000 0556 Sparrow - ok
11:19:43.0093 0556 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:19:43.0093 0556 splitter - ok
11:19:43.0187 0556 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:19:43.0203 0556 Spooler - ok
11:19:43.0296 0556 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:19:43.0312 0556 sr - ok
11:19:43.0421 0556 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:19:43.0421 0556 srservice - ok
11:19:43.0546 0556 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:19:43.0578 0556 Srv - ok
11:19:43.0656 0556 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:19:43.0656 0556 SSDPSRV - ok
11:19:43.0781 0556 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:19:43.0781 0556 stisvc - ok
11:19:43.0875 0556 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:19:43.0875 0556 streamip - ok
11:19:43.0953 0556 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:19:43.0953 0556 swenum - ok
11:19:44.0031 0556 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:19:44.0046 0556 swmidi - ok
11:19:44.0109 0556 SwPrv - ok
11:19:44.0171 0556 symc810 - ok
11:19:44.0250 0556 symc8xx - ok
11:19:44.0312 0556 sym_hi - ok
11:19:44.0390 0556 sym_u3 - ok
11:19:44.0484 0556 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:19:44.0484 0556 sysaudio - ok
11:19:44.0562 0556 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:19:44.0578 0556 SysmonLog - ok
11:19:44.0671 0556 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:19:44.0671 0556 TapiSrv - ok
11:19:44.0828 0556 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:19:44.0828 0556 Tcpip - ok
11:19:44.0937 0556 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:19:44.0937 0556 TDPIPE - ok
11:19:45.0015 0556 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:19:45.0031 0556 TDTCP - ok
11:19:45.0109 0556 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:19:45.0125 0556 TermDD - ok
11:19:45.0234 0556 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:19:45.0234 0556 TermService - ok
11:19:45.0328 0556 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:19:45.0343 0556 Themes - ok
11:19:45.0406 0556 TosIde - ok
11:19:45.0500 0556 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:19:45.0500 0556 TrkWks - ok
11:19:45.0593 0556 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:19:45.0609 0556 Udfs - ok
11:19:45.0703 0556 ultra - ok
11:19:45.0843 0556 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:19:45.0875 0556 Update - ok
11:19:45.0968 0556 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:19:45.0968 0556 upnphost - ok
11:19:46.0031 0556 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:19:46.0046 0556 UPS - ok
11:19:46.0140 0556 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:19:46.0156 0556 USBAAPL - ok
11:19:46.0250 0556 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:19:46.0265 0556 usbccgp - ok
11:19:46.0359 0556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:19:46.0359 0556 usbehci - ok
11:19:46.0468 0556 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:19:46.0484 0556 usbhub - ok
11:19:46.0546 0556 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:19:46.0562 0556 usbohci - ok
11:19:46.0640 0556 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:19:46.0656 0556 usbprint - ok
11:19:46.0781 0556 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:19:46.0781 0556 usbscan - ok
11:19:46.0890 0556 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:19:46.0890 0556 USBSTOR - ok
11:19:46.0984 0556 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:19:47.0000 0556 VgaSave - ok
11:19:47.0062 0556 ViaIde - ok
11:19:47.0156 0556 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
11:19:47.0171 0556 Video3D - ok
11:19:47.0281 0556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:19:47.0281 0556 VolSnap - ok
11:19:47.0406 0556 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:19:47.0406 0556 VSS - ok
11:19:47.0500 0556 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:19:47.0500 0556 W32Time - ok
11:19:47.0593 0556 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:19:47.0593 0556 Wanarp - ok
11:19:47.0671 0556 WDICA - ok
11:19:47.0781 0556 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:19:47.0781 0556 wdmaud - ok
11:19:47.0890 0556 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:19:47.0890 0556 WebClient - ok
11:19:48.0015 0556 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:19:48.0015 0556 winmgmt - ok
11:19:48.0140 0556 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
11:19:48.0140 0556 WLSetupSvc - ok
11:19:48.0312 0556 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:19:48.0312 0556 WmdmPmSN - ok
11:19:48.0437 0556 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:19:48.0437 0556 WmiApSrv - ok
11:19:48.0609 0556 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:19:48.0625 0556 WMPNetworkSvc - ok
11:19:48.0843 0556 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:19:48.0843 0556 WS2IFSL - ok
11:19:48.0953 0556 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:19:48.0953 0556 wscsvc - ok
11:19:49.0046 0556 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:19:49.0046 0556 WSTCODEC - ok
11:19:49.0140 0556 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:19:49.0140 0556 wuauserv - ok
11:19:49.0234 0556 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:19:49.0234 0556 WudfPf - ok
11:19:49.0312 0556 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:19:49.0328 0556 WudfRd - ok
11:19:49.0390 0556 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:19:49.0406 0556 WudfSvc - ok
11:19:49.0546 0556 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:19:49.0546 0556 WZCSVC - ok
11:19:49.0656 0556 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:19:49.0656 0556 xmlprov - ok
11:19:49.0687 0556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:19:49.0843 0556 \Device\Harddisk0\DR0 - ok
11:19:49.0859 0556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:19:49.0984 0556 \Device\Harddisk1\DR1 - ok
11:19:49.0984 0556 Boot (0x1200) (e5085950e0e361502a4c028ba3602972) \Device\Harddisk0\DR0\Partition0
11:19:49.0984 0556 \Device\Harddisk0\DR0\Partition0 - ok
11:19:50.0000 0556 Boot (0x1200) (d82ba361deb4f2b92a4504fceb56ac4d) \Device\Harddisk1\DR1\Partition0
11:19:50.0000 0556 \Device\Harddisk1\DR1\Partition0 - ok
11:19:50.0000 0556 ============================================================
11:19:50.0000 0556 Scan finished
11:19:50.0000 0556 ============================================================
11:19:50.0015 3880 Detected object count: 0
11:19:50.0015 3880 Actual detected object count: 0
11:19:56.0203 3596 ============================================================
11:19:56.0203 3596 Scan started
11:19:56.0203 3596 Mode: Manual; SigCheck; TDLFS;
11:19:56.0203 3596 ============================================================
11:19:56.0562 3596 Abiosdsk - ok
11:19:56.0625 3596 abp480n5 - ok
11:19:56.0781 3596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:19:58.0531 3596 ACPI - ok
11:19:58.0734 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:19:58.0843 3596 ACPIEC - ok
11:19:58.0984 3596 adpu160m - ok
11:19:59.0093 3596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:19:59.0250 3596 aec - ok
11:19:59.0375 3596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:19:59.0406 3596 AFD - ok
11:19:59.0484 3596 Aha154x - ok
11:19:59.0562 3596 aic78u2 - ok
11:19:59.0625 3596 aic78xx - ok
11:19:59.0765 3596 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:19:59.0859 3596 Alerter - ok
11:19:59.0953 3596 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:20:00.0000 3596 ALG - ok
11:20:00.0125 3596 AliIde - ok
11:20:00.0250 3596 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
11:20:00.0296 3596 AmdK8 - ok
11:20:00.0390 3596 amsint - ok
11:20:00.0515 3596 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:00.0531 3596 Apple Mobile Device - ok
11:20:00.0671 3596 AppMgmt - ok
11:20:00.0812 3596 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:20:00.0921 3596 Arp1394 - ok
11:20:01.0000 3596 asc - ok
11:20:01.0062 3596 asc3350p - ok
11:20:01.0140 3596 asc3550 - ok
11:20:01.0265 3596 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:20:01.0265 3596 aspnet_state - ok
11:20:01.0421 3596 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
11:20:01.0437 3596 asusgsb ( UnsignedFile.Multi.Generic ) - warning
11:20:01.0437 3596 asusgsb - detected UnsignedFile.Multi.Generic (1)
11:20:01.0531 3596 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
11:20:01.0546 3596 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
11:20:01.0546 3596 asuskbnt - detected UnsignedFile.Multi.Generic (1)
11:20:01.0656 3596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:20:01.0796 3596 AsyncMac - ok
11:20:01.0906 3596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:20:02.0031 3596 atapi - ok
11:20:02.0140 3596 Atdisk - ok
11:20:02.0296 3596 Ati HotKey Poller (af61e4353c2257b32baa22d97b822c04) C:\WINDOWS\system32\Ati2evxx.exe
11:20:02.0406 3596 Ati HotKey Poller - ok
11:20:02.0578 3596 ATI Smart (106c8d405a14387a7b21ed3a73a9511a) C:\WINDOWS\system32\ati2sgag.exe
11:20:02.0687 3596 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
11:20:02.0687 3596 ATI Smart - detected UnsignedFile.Multi.Generic (1)
11:20:03.0265 3596 ati2mtag (9cd9658b9575a07aad676639fe3b51d6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:20:03.0750 3596 ati2mtag - ok
11:20:03.0906 3596 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
11:20:04.0140 3596 AtiHdmiService - ok
11:20:04.0265 3596 ATKKeyboardService (b453700b9eb83fef29811b28dae27d29) C:\WINDOWS\ATKKBService.exe
11:20:04.0281 3596 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning
11:20:04.0281 3596 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1)
11:20:04.0406 3596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:20:04.0531 3596 Atmarpc - ok
11:20:04.0718 3596 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:20:04.0843 3596 AudioSrv - ok
11:20:05.0015 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:20:05.0109 3596 audstub - ok
11:20:05.0281 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:20:05.0390 3596 Beep - ok
11:20:05.0578 3596 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:20:05.0765 3596 BITS - ok
11:20:05.0890 3596 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:05.0921 3596 Bonjour Service - ok
11:20:06.0093 3596 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:20:06.0218 3596 Browser - ok
11:20:06.0218 3596 catchme - ok
11:20:06.0312 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:20:06.0437 3596 cbidf2k - ok
11:20:06.0531 3596 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:20:06.0640 3596 CCDECODE - ok
11:20:06.0750 3596 cd20xrnt - ok
11:20:06.0859 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:20:06.0968 3596 Cdaudio - ok
11:20:07.0093 3596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:20:07.0187 3596 Cdfs - ok
11:20:07.0343 3596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:20:07.0453 3596 Cdrom - ok
11:20:07.0593 3596 Changer - ok
11:20:07.0718 3596 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:20:07.0828 3596 CiSvc - ok
11:20:07.0953 3596 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:20:08.0078 3596 ClipSrv - ok
11:20:08.0187 3596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:08.0187 3596 clr_optimization_v2.0.50727_32 - ok
11:20:08.0281 3596 CmdIde - ok
11:20:08.0375 3596 COMSysApp - ok
11:20:08.0453 3596 Cpqarray - ok
11:20:08.0546 3596 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:20:08.0703 3596 CryptSvc - ok
11:20:08.0796 3596 dac2w2k - ok
11:20:08.0859 3596 dac960nt - ok
11:20:08.0984 3596 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:20:09.0062 3596 DcomLaunch - ok
11:20:09.0234 3596 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:20:09.0375 3596 Dhcp - ok
11:20:09.0562 3596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:20:09.0703 3596 Disk - ok
11:20:09.0828 3596 dmadmin - ok
11:20:10.0015 3596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:20:10.0156 3596 dmboot - ok
11:20:10.0312 3596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:20:10.0437 3596 dmio - ok
11:20:10.0578 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:20:10.0734 3596 dmload - ok
11:20:10.0875 3596 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:20:10.0984 3596 dmserver - ok
11:20:11.0140 3596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:20:11.0265 3596 DMusic - ok
11:20:11.0359 3596 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:20:11.0421 3596 Dnscache - ok
11:20:11.0593 3596 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:20:11.0718 3596 Dot3svc - ok
11:20:11.0796 3596 dpti2o - ok
11:20:11.0906 3596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:20:12.0015 3596 drmkaud - ok
11:20:12.0109 3596 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:20:12.0234 3596 EapHost - ok
11:20:12.0390 3596 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
11:20:12.0421 3596 EIO ( UnsignedFile.Multi.Generic ) - warning
11:20:12.0421 3596 EIO - detected UnsignedFile.Multi.Generic (1)
11:20:12.0500 3596 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:20:12.0625 3596 ERSvc - ok
11:20:12.0765 3596 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:20:12.0796 3596 Eventlog - ok
11:20:12.0921 3596 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:20:12.0968 3596 EventSystem - ok
11:20:13.0109 3596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:20:13.0218 3596 Fastfat - ok
11:20:13.0359 3596 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:20:13.0390 3596 FastUserSwitchingCompatibility - ok
11:20:13.0515 3596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:20:13.0625 3596 Fdc - ok
11:20:13.0750 3596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:20:13.0859 3596 Fips - ok
11:20:14.0015 3596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:20:14.0140 3596 Flpydisk - ok
11:20:14.0281 3596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:20:14.0375 3596 FltMgr - ok
11:20:14.0484 3596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:20:14.0500 3596 FontCache3.0.0.0 - ok
11:20:14.0640 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:20:14.0781 3596 Fs_Rec - ok
11:20:14.0953 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:20:15.0062 3596 Ftdisk - ok
11:20:15.0140 3596 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
11:20:15.0140 3596 gdrv - ok
11:20:15.0296 3596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:20:15.0312 3596 GEARAspiWDM - ok
11:20:15.0406 3596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:20:15.0531 3596 Gpc - ok
11:20:15.0656 3596 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:20:15.0703 3596 gupdate - ok
11:20:15.0750 3596 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:20:15.0750 3596 gupdatem - ok
11:20:15.0953 3596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:20:16.0078 3596 HDAudBus - ok
11:20:16.0171 3596 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:20:16.0281 3596 helpsvc - ok
11:20:16.0390 3596 HidServ - ok
11:20:16.0500 3596 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:20:16.0609 3596 HidUsb - ok
11:20:16.0781 3596 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:20:16.0906 3596 hkmsvc - ok
11:20:17.0046 3596 hpn - ok
11:20:17.0187 3596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:20:17.0234 3596 HTTP - ok
11:20:17.0343 3596 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:20:17.0468 3596 HTTPFilter - ok
11:20:17.0546 3596 i2omgmt - ok
11:20:17.0625 3596 i2omp - ok
11:20:17.0781 3596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:20:17.0890 3596 i8042prt - ok
11:20:18.0000 3596 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:20:18.0031 3596 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:20:18.0031 3596 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:20:18.0250 3596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:20:18.0343 3596 idsvc - ok
11:20:18.0500 3596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:20:18.0625 3596 Imapi - ok
11:20:18.0781 3596 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:20:18.0906 3596 ImapiService - ok
11:20:18.0984 3596 ini910u - ok
11:20:19.0546 3596 IntcAzAudAddService (8c65fcf7ab3389e7c224ea2ec4456f2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:20:20.0093 3596 IntcAzAudAddService - ok
11:20:20.0218 3596 IntelIde - ok
11:20:20.0343 3596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:20:20.0453 3596 Ip6Fw - ok
11:20:20.0593 3596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:20:20.0734 3596 IpFilterDriver - ok
11:20:20.0843 3596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:20:20.0968 3596 IpInIp - ok
11:20:21.0078 3596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:20:21.0218 3596 IpNat - ok
11:20:21.0359 3596 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
11:20:21.0421 3596 iPod Service - ok
11:20:21.0609 3596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:20:21.0750 3596 IPSec - ok
11:20:21.0906 3596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:20:21.0968 3596 IRENUM - ok
11:20:22.0140 3596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:20:22.0218 3596 isapnp - ok
11:20:22.0343 3596 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:20:22.0343 3596 JavaQuickStarterService - ok
11:20:22.0515 3596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:20:22.0640 3596 Kbdclass - ok
11:20:22.0875 3596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:20:22.0984 3596 kmixer - ok
11:20:23.0156 3596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:20:23.0218 3596 KSecDD - ok
11:20:23.0343 3596 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:20:23.0375 3596 lanmanserver - ok
11:20:23.0515 3596 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:20:23.0546 3596 lanmanworkstation - ok
11:20:23.0671 3596 lbrtfdc - ok
11:20:23.0812 3596 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:20:23.0937 3596 LmHosts - ok
11:20:24.0078 3596 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
11:20:24.0078 3596 MBAMProtector - ok
11:20:24.0218 3596 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:20:24.0281 3596 MBAMService - ok
11:20:24.0453 3596 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:20:24.0562 3596 Messenger - ok
11:20:24.0687 3596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:20:24.0812 3596 mnmdd - ok
11:20:24.0968 3596 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:20:25.0078 3596 mnmsrvc - ok
11:20:25.0187 3596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:20:25.0312 3596 Modem - ok
11:20:25.0453 3596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:20:25.0531 3596 Mouclass - ok
11:20:25.0687 3596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:20:25.0828 3596 mouhid - ok
11:20:25.0984 3596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:20:26.0093 3596 MountMgr - ok
11:20:26.0218 3596 mraid35x - ok
11:20:26.0343 3596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:20:26.0453 3596 MRxDAV - ok
11:20:26.0609 3596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:20:26.0671 3596 MRxSmb - ok
11:20:26.0875 3596 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:20:26.0968 3596 MSDTC - ok
11:20:27.0093 3596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:20:27.0218 3596 Msfs - ok
11:20:27.0281 3596 MSIServer - ok
11:20:27.0375 3596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:20:27.0453 3596 MSKSSRV - ok
11:20:27.0609 3596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:20:27.0734 3596 MSPCLOCK - ok
11:20:27.0890 3596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:20:28.0000 3596 MSPQM - ok
11:20:28.0125 3596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:20:28.0203 3596 mssmbios - ok
11:20:28.0312 3596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:20:28.0421 3596 MSTEE - ok
11:20:28.0531 3596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:20:28.0578 3596 Mup - ok
11:20:28.0687 3596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:20:28.0828 3596 NABTSFEC - ok
11:20:29.0000 3596 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:20:29.0125 3596 napagent - ok
11:20:29.0281 3596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:20:29.0406 3596 NDIS - ok
11:20:29.0546 3596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:20:29.0656 3596 NdisIP - ok
11:20:29.0828 3596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:20:29.0859 3596 NdisTapi - ok
11:20:29.0984 3596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:20:30.0109 3596 Ndisuio - ok
11:20:30.0203 3596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:20:30.0296 3596 NdisWan - ok
11:20:30.0406 3596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:20:30.0453 3596 NDProxy - ok
11:20:30.0578 3596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:20:30.0718 3596 NetBIOS - ok
11:20:30.0875 3596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:20:30.0984 3596 NetBT - ok
11:20:31.0109 3596 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:20:31.0234 3596 NetDDE - ok
11:20:31.0250 3596 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:20:31.0359 3596 NetDDEdsdm - ok
11:20:31.0484 3596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:20:31.0609 3596 Netlogon - ok
11:20:31.0828 3596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:20:31.0937 3596 Netman - ok
11:20:32.0140 3596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:20:32.0140 3596 NetTcpPortSharing - ok
11:20:32.0328 3596 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:20:32.0437 3596 NIC1394 - ok
11:20:32.0625 3596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:20:32.0640 3596 Nla - ok
11:20:32.0765 3596 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
11:20:32.0765 3596 nosGetPlusHelper - ok
11:20:32.0953 3596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:20:33.0046 3596 Npfs - ok
11:20:33.0218 3596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:20:33.0390 3596 Ntfs - ok
11:20:33.0546 3596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:20:33.0640 3596 NtLmSsp - ok
11:20:33.0796 3596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:20:33.0937 3596 NtmsSvc - ok
11:20:34.0125 3596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:20:34.0234 3596 Null - ok
11:20:34.0390 3596 NVENETFD (982702a22349c2b31f7dcef62241058f) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:20:34.0406 3596 NVENETFD - ok
11:20:34.0515 3596 nvnetbus (bc0f2c4ed9d6da9a2519c55af7d4fc60) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:20:34.0562 3596 nvnetbus - ok
11:20:34.0656 3596 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
11:20:34.0734 3596 NVSvc - ok
11:20:34.0843 3596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:20:34.0953 3596 NwlnkFlt - ok
11:20:35.0093 3596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:20:35.0203 3596 NwlnkFwd - ok
11:20:35.0328 3596 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:20:35.0437 3596 ohci1394 - ok
11:20:35.0562 3596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:20:35.0671 3596 Parport - ok
11:20:35.0796 3596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:20:35.0921 3596 PartMgr - ok
11:20:36.0015 3596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:20:36.0109 3596 ParVdm - ok
11:20:36.0234 3596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:20:36.0343 3596 PCI - ok
11:20:36.0453 3596 PCIDump - ok
11:20:36.0562 3596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:20:36.0671 3596 PCIIde - ok
11:20:36.0812 3596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:20:36.0937 3596 Pcmcia - ok
11:20:37.0062 3596 PDCOMP - ok
11:20:37.0171 3596 PDFRAME - ok
11:20:37.0265 3596 PDRELI - ok
11:20:37.0343 3596 PDRFRAME - ok
11:20:37.0406 3596 perc2 - ok
11:20:37.0468 3596 perc2hib - ok
11:20:37.0609 3596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:20:37.0656 3596 PlugPlay - ok
11:20:37.0781 3596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:20:37.0875 3596 PolicyAgent - ok
11:20:37.0968 3596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:20:38.0093 3596 PptpMiniport - ok
11:20:38.0265 3596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:20:38.0343 3596 Processor - ok
11:20:38.0500 3596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:20:38.0609 3596 ProtectedStorage - ok
11:20:38.0796 3596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:20:38.0906 3596 PSched - ok
11:20:39.0062 3596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:20:39.0171 3596 Ptilink - ok
11:20:39.0296 3596 ql1080 - ok
11:20:39.0359 3596 Ql10wnt - ok
11:20:39.0421 3596 ql12160 - ok
11:20:39.0500 3596 ql1240 - ok
11:20:39.0562 3596 ql1280 - ok
11:20:39.0671 3596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:20:39.0796 3596 RasAcd - ok
11:20:39.0890 3596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:20:40.0015 3596 RasAuto - ok
11:20:40.0187 3596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:20:40.0281 3596 Rasl2tp - ok
11:20:40.0437 3596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:20:40.0546 3596 RasMan - ok
11:20:40.0703 3596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:20:40.0828 3596 RasPppoe - ok
11:20:40.0968 3596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:20:41.0062 3596 Raspti - ok
11:20:41.0203 3596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:20:41.0312 3596 Rdbss - ok
11:20:41.0468 3596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:20:41.0578 3596 RDPCDD - ok
11:20:41.0796 3596 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:20:41.0843 3596 RDPWD - ok
11:20:42.0031 3596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:20:42.0109 3596 RDSessMgr - ok
11:20:42.0218 3596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:20:42.0359 3596 redbook - ok
11:20:42.0468 3596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:20:42.0578 3596 RemoteAccess - ok
11:20:42.0781 3596 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:20:42.0781 3596 Revoflt - ok
11:20:42.0937 3596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:20:43.0031 3596 RpcLocator - ok
11:20:43.0171 3596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:20:43.0218 3596 RpcSs - ok
11:20:43.0406 3596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:20:43.0515 3596 RSVP - ok
11:20:43.0671 3596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:20:43.0796 3596 SamSs - ok
11:20:43.0906 3596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:20:44.0015 3596 SCardSvr - ok
11:20:44.0140 3596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:20:44.0250 3596 Schedule - ok
11:20:44.0359 3596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:20:44.0406 3596 Secdrv - ok
11:20:44.0531 3596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:20:44.0640 3596 seclogon - ok
11:20:44.0765 3596 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:20:44.0890 3596 SENS - ok
11:20:45.0015 3596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:20:45.0125 3596 serenum - ok
11:20:45.0234 3596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:20:45.0359 3596 Serial - ok
11:20:45.0484 3596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:20:45.0578 3596 Sfloppy - ok
11:20:45.0796 3596 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:20:45.0937 3596 SharedAccess - ok
11:20:46.0046 3596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:20:46.0078 3596 ShellHWDetection - ok
11:20:46.0140 3596 Simbad - ok
11:20:46.0234 3596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:20:46.0343 3596 SLIP - ok
11:20:46.0421 3596 Sparrow - ok
11:20:46.0500 3596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:20:46.0625 3596 splitter - ok
11:20:46.0781 3596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:20:46.0828 3596 Spooler - ok
11:20:46.0953 3596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:20:47.0000 3596 sr - ok
11:20:47.0125 3596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:20:47.0171 3596 srservice - ok
11:20:47.0328 3596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:20:47.0375 3596 Srv - ok
11:20:47.0546 3596 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:20:47.0625 3596 SSDPSRV - ok
11:20:47.0859 3596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:20:47.0984 3596 stisvc - ok
11:20:48.0156 3596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:20:48.0265 3596 streamip - ok
11:20:48.0421 3596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:20:48.0531 3596 swenum - ok
11:20:48.0703 3596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:20:48.0843 3596 swmidi - ok
11:20:48.0953 3596 SwPrv - ok
11:20:49.0062 3596 symc810 - ok
11:20:49.0140 3596 symc8xx - ok
11:20:49.0203 3596 sym_hi - ok
11:20:49.0265 3596 sym_u3 - ok
11:20:49.0375 3596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:20:49.0484 3596 sysaudio - ok
11:20:49.0640 3596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:20:49.0781 3596 SysmonLog - ok
11:20:49.0921 3596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:20:50.0031 3596 TapiSrv - ok
11:20:50.0250 3596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:20:50.0296 3596 Tcpip - ok
11:20:50.0437 3596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:20:50.0562 3596 TDPIPE - ok
11:20:50.0656 3596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:20:50.0796 3596 TDTCP - ok
11:20:50.0921 3596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:20:51.0062 3596 TermDD - ok
11:20:51.0250 3596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:20:51.0359 3596 TermService - ok
11:20:51.0546 3596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:20:51.0546 3596 Themes - ok
11:20:51.0656 3596 TosIde - ok
11:20:51.0781 3596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:20:51.0906 3596 TrkWks - ok
11:20:52.0078 3596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:20:52.0171 3596 Udfs - ok
11:20:52.0265 3596 ultra - ok
11:20:52.0406 3596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:20:52.0531 3596 Update - ok
11:20:52.0765 3596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:20:52.0828 3596 upnphost - ok
11:20:52.0953 3596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:20:53.0062 3596 UPS - ok
11:20:53.0234 3596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:20:53.0281 3596 USBAAPL - ok
11:20:53.0406 3596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:20:53.0515 3596 usbccgp - ok
11:20:53.0625 3596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:20:53.0750 3596 usbehci - ok
11:20:53.0906 3596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:20:54.0046 3596 usbhub - ok
11:20:54.0140 3596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:20:54.0234 3596 usbohci - ok
11:20:54.0343 3596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:20:54.0468 3596 usbprint - ok
11:20:54.0578 3596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:20:54.0687 3596 usbscan - ok
11:20:54.0828 3596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:20:54.0953 3596 USBSTOR - ok
11:20:55.0078 3596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:20:55.0171 3596 VgaSave - ok
11:20:55.0265 3596 ViaIde - ok
11:20:55.0375 3596 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
11:20:55.0390 3596 Video3D ( UnsignedFile.Multi.Generic ) - warning
11:20:55.0390 3596 Video3D - detected UnsignedFile.Multi.Generic (1)
11:20:55.0500 3596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:20:55.0609 3596 VolSnap - ok
11:20:55.0812 3596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:20:55.0875 3596 VSS - ok
11:20:56.0046 3596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:20:56.0171 3596 W32Time - ok
11:20:56.0281 3596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:20:56.0390 3596 Wanarp - ok
11:20:56.0453 3596 WDICA - ok
11:20:56.0578 3596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:20:56.0718 3596 wdmaud - ok
11:20:56.0875 3596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:20:56.0984 3596 WebClient - ok
11:20:57.0125 3596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:20:57.0234 3596 winmgmt - ok
11:20:57.0343 3596 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
11:20:57.0390 3596 WLSetupSvc - ok
11:20:57.0562 3596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:20:57.0609 3596 WmdmPmSN - ok
11:20:57.0812 3596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:20:57.0921 3596 WmiApSrv - ok
11:20:58.0109 3596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:20:58.0218 3596 WMPNetworkSvc - ok
11:20:58.0406 3596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:20:58.0500 3596 WS2IFSL - ok
11:20:58.0656 3596 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:20:58.0796 3596 wscsvc - ok
11:20:58.0953 3596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:20:59.0046 3596 WSTCODEC - ok
11:20:59.0203 3596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:20:59.0312 3596 wuauserv - ok
11:20:59.0421 3596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:20:59.0453 3596 WudfPf - ok
11:20:59.0609 3596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:20:59.0625 3596 WudfRd - ok
11:20:59.0765 3596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:20:59.0796 3596 WudfSvc - ok
11:20:59.0968 3596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:21:00.0078 3596 WZCSVC - ok
11:21:00.0203 3596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:21:00.0312 3596 xmlprov - ok
11:21:00.0328 3596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:21:00.0515 3596 \Device\Harddisk0\DR0 - ok
11:21:00.0546 3596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:21:00.0734 3596 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
11:21:00.0734 3596 \Device\Harddisk1\DR1 - detected TDSS File System (1)
11:21:00.0750 3596 Boot (0x1200) (e5085950e0e361502a4c028ba3602972) \Device\Harddisk0\DR0\Partition0
11:21:00.0750 3596 \Device\Harddisk0\DR0\Partition0 - ok
11:21:00.0750 3596 Boot (0x1200) (d82ba361deb4f2b92a4504fceb56ac4d) \Device\Harddisk1\DR1\Partition0
11:21:00.0750 3596 \Device\Harddisk1\DR1\Partition0 - ok
11:21:00.0750 3596 ============================================================
11:21:00.0750 3596 Scan finished
11:21:00.0750 3596 ============================================================
11:21:00.0859 3216 Detected object count: 8
11:21:00.0859 3216 Actual detected object count: 8
11:21:21.0093 3216 asusgsb ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 asusgsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 Video3D ( UnsignedFile.Multi.Generic ) - skipped by user
11:21:21.0093 3216 Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:21:21.0093 3216 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
11:21:21.0093 3216 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
11:21:29.0718 3532 ============================================================
11:21:29.0718 3532 Scan started
11:21:29.0718 3532 Mode: Manual;
11:21:29.0718 3532 ============================================================
11:22:00.0421 3532 WmiApSrv - ok
11:22:00.0562 3532 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:22:00.0562 3532 WMPNetworkSvc - ok
11:22:00.0703 3532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:22:00.0703 3532 WS2IFSL - ok
11:22:00.0843 3532 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:22:00.0843 3532 wscsvc - ok
11:22:00.0984 3532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:22:00.0984 3532 WSTCODEC - ok
11:22:01.0078 3532 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:22:01.0078 3532 wuauserv - ok
11:22:01.0187 3532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:22:01.0187 3532 WudfPf - ok
11:22:01.0265 3532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:22:01.0265 3532 WudfRd - ok
11:22:01.0343 3532 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:22:01.0343 3532 WudfSvc - ok
11:22:01.0484 3532 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:22:01.0484 3532 WZCSVC - ok
11:22:01.0593 3532 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:22:01.0593 3532 xmlprov - ok
11:22:01.0625 3532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:22:01.0796 3532 \Device\Harddisk0\DR0 - ok
11:22:01.0812 3532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:22:01.0984 3532 \Device\Harddisk1\DR1 - ok
11:22:01.0984 3532 Boot (0x1200) (e5085950e0e361502a4c028ba3602972) \Device\Harddisk0\DR0\Partition0
11:22:01.0984 3532 \Device\Harddisk0\DR0\Partition0 - ok
11:22:02.0000 3532 Boot (0x1200) (d82ba361deb4f2b92a4504fceb56ac4d) \Device\Harddisk1\DR1\Partition0
11:22:02.0000 3532 \Device\Harddisk1\DR1\Partition0 - ok
11:22:02.0000 3532 ============================================================
11:22:02.0000 3532 Scan finished
11:22:02.0000 3532 ============================================================
11:22:02.0015 3288 Detected object count: 0
11:22:02.0015 3288 Actual detected object count: 0
11:22:10.0062 1852 Deinitialize success

Edited by j ryan, 21 April 2012 - 08:24 PM.


#14 j ryan

  • Topic Starter

Posted 21 April 2012 - 08:27 PM

So yeah, as you can see, TDSSKiller is no longer detecting any threats, for the first time. Computer seems to be running fine.

#15 ratman

  • Malware Response Team
Posted 22 April 2012 - 07:10 AM

Hi,

That's looking better. I'd like to check another couple of things though.

I see from your logs that you have Malwarebytes installed.

Can you run a quick scan with MBAM (ensuring its virus definitions are up to date) and copy/paste its log in your next reply.
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
