Bad Image Errors, and dll errors


  • This topic is locked
31 replies to this topic

#1 thebeej

thebeej

  • Members
  • 43 posts
  • OFFLINE
  • Local time:09:44 AM

Posted 10 April 2012 - 08:29 PM

Hello,

I have been receiving a bad image error over and over. I also get the error when I try to download new programs or run existing malware tools. It most commonly says _____.dll is not a valid windows image. I have prepared the recommended logs. Please find them below and attached. Thank you for your help, you guys are the best!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Bret Johnson at 21:19:05 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.272 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: intuit.com\ttlc
Trusted Zone: sysprotect.com\scanner
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E8BDEF5-9EB7-4F4F-962D-0CF06FA2ED64} : DhcpNameServer = 10.113.82.1
TCP: Interfaces\{7AF72576-62EB-4E46-AC35-C14BFA84FAFE} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8C815A05-5E81-4739-8576-1299707C148C} : DhcpNameServer = 192.168.0.1
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bret johnson\application data\mozilla\firefox\profiles\0deups41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\bret johnson\application data\mozilla\firefox\profiles\0deups41.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\bret johnson\application data\mozilla\firefox\profiles\0deups41.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\bret johnson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-12-3 27064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:20:31.03 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 11 April 2012 - 05:58 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:09:44 AM

Posted 11 April 2012 - 07:30 PM

Hi Gringo. You have helped me before and I appreciate the help again. Here is the ComboFix log:

ComboFix 12-04-11.03 - Bret Johnson 04/11/2012 20:05:14.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.314 [GMT -4:00]
Running from: c:\documents and settings\Bret Johnson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bret Johnson\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-11 22:16 . 2012-04-11 22:16 -------- d-----w- c:\windows\LastGood
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2007-08-06 17:07 . 2009-03-05 16:04 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 19:54 . 2009-03-05 16:04 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-11-05 06:53 . 2011-04-23 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6400]
2003-06-03 08:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2L1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2006-12-28 15:40 958464 ----a-w- c:\program files\Wireless Laser Mouse\MOffice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-10-13 22:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-05-28 01:58 4269296 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
2003-12-13 17:17 61440 ----a-w- c:\program files\LIVEUPDATE\LiveUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 05:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2006-10-13 22:04 994096 ----a-w- c:\windows\vVX6000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Bret Johnson\\Desktop\\Games\\Rollcage\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 4:32 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 4:32 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/3/2011 3:45 PM 27064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 7:56 PM 2383152]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*Deregistered* - pxtdqpow
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 10:42]
.
2012-03-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-02 12:26]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:30]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: intuit.com\ttlc
Trusted Zone: sysprotect.com\scanner
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Bret Johnson\Application Data\Mozilla\Firefox\Profiles\0deups41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - (no file)
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-898642373-1164693347-3914985641-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,11,d4,28,e9,c9,7b,d5,ec,e6,c5,08,4b,a3,bb,fa,89,fb,a7,82,87,f6,dd,
29,42,75,8d,b2,80,bd,02,2d,80,8f,05,b4,43,bb,8a,a3,1c,43,4a,a5,74,9d,e2,06,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-898642373-1164693347-3914985641-1006\Software\SecuROM\License information*]
"datasecu"=hex:17,82,df,b2,65,0e,77,c8,a2,72,70,3c,bd,c8,a4,83,6d,83,2b,89,d9,
34,77,b6,a8,75,05,bd,94,25,48,d4,c8,38,9f,3f,d3,f9,5c,27,04,6a,1e,18,e5,4a,\
"rkeysecu"=hex:5a,a7,95,fc,1d,ea,66,fc,0c,98,2f,68,b5,13,99,d5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\dla\tfswshx.dll
c:\windows\system32\tfswapi.dll
c:\windows\system32\dla\tfswcres.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
Completion time: 2012-04-11 20:29:46
ComboFix-quarantined-files.txt 2012-04-12 00:29
.
Pre-Run: 39,149,109,248 bytes free
Post-Run: 39,453,495,296 bytes free
.
- - End Of File - - 61F66CEA6B43285BEFE9D4B3B33D988B



I am still noticing the .dll errors

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 11 April 2012 - 08:59 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 12 April 2012 - 08:13 PM

Here is the TDSSKiller Log:

20:12:48.0828 2564 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:12:49.0000 2564 ============================================================
20:12:49.0000 2564 Current date / time: 2012/04/12 20:12:49.0000
20:12:49.0000 2564 SystemInfo:
20:12:49.0000 2564
20:12:49.0000 2564 OS Version: 5.1.2600 ServicePack: 3.0
20:12:49.0000 2564 Product type: Workstation
20:12:49.0000 2564 ComputerName: BRET
20:12:49.0015 2564 UserName: Bret Johnson
20:12:49.0015 2564 Windows directory: C:\WINDOWS
20:12:49.0015 2564 System windows directory: C:\WINDOWS
20:12:49.0015 2564 Processor architecture: Intel x86
20:12:49.0015 2564 Number of processors: 2
20:12:49.0015 2564 Page size: 0x1000
20:12:49.0015 2564 Boot type: Normal boot
20:12:49.0015 2564 ============================================================
20:12:50.0578 2564 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:12:50.0593 2564 \Device\Harddisk0\DR0:
20:12:50.0593 2564 MBR used
20:12:50.0593 2564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x122408C1
20:12:50.0734 2564 Initialize success
20:12:50.0734 2564 ============================================================
20:12:53.0109 2820 ============================================================
20:12:53.0109 2820 Scan started
20:12:53.0109 2820 Mode: Manual;
20:12:53.0109 2820 ============================================================
20:12:54.0000 2820 Abiosdsk - ok
20:12:54.0078 2820 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:12:54.0078 2820 abp480n5 - ok
20:12:54.0140 2820 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:12:54.0140 2820 ACPI - ok
20:12:54.0187 2820 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:12:54.0187 2820 ACPIEC - ok
20:12:54.0218 2820 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:12:54.0218 2820 adpu160m - ok
20:12:54.0281 2820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:12:54.0281 2820 aec - ok
20:12:54.0328 2820 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:12:54.0328 2820 AegisP - ok
20:12:54.0390 2820 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:12:54.0390 2820 AFD - ok
20:12:54.0437 2820 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:12:54.0437 2820 agp440 - ok
20:12:54.0453 2820 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:12:54.0453 2820 agpCPQ - ok
20:12:54.0500 2820 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:12:54.0500 2820 Aha154x - ok
20:12:54.0515 2820 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:12:54.0515 2820 aic78u2 - ok
20:12:54.0531 2820 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:12:54.0546 2820 aic78xx - ok
20:12:54.0578 2820 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:12:54.0593 2820 Alerter - ok
20:12:54.0640 2820 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:12:54.0640 2820 ALG - ok
20:12:54.0671 2820 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:12:54.0671 2820 AliIde - ok
20:12:54.0703 2820 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:12:54.0703 2820 alim1541 - ok
20:12:54.0734 2820 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:12:54.0734 2820 amdagp - ok
20:12:54.0765 2820 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:12:54.0765 2820 amsint - ok
20:12:54.0906 2820 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:12:54.0906 2820 Apple Mobile Device - ok
20:12:54.0984 2820 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:12:55.0000 2820 AppMgmt - ok
20:12:55.0015 2820 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:12:55.0015 2820 asc - ok
20:12:55.0046 2820 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:12:55.0046 2820 asc3350p - ok
20:12:55.0062 2820 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:12:55.0062 2820 asc3550 - ok
20:12:55.0296 2820 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:12:55.0296 2820 aspnet_state - ok
20:12:55.0593 2820 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:12:55.0593 2820 AsyncMac - ok
20:12:55.0750 2820 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:12:55.0750 2820 atapi - ok
20:12:55.0765 2820 Atdisk - ok
20:12:55.0843 2820 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
20:12:55.0843 2820 Ati HotKey Poller - ok
20:12:55.0921 2820 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:12:55.0968 2820 ati2mtag - ok
20:12:56.0015 2820 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:12:56.0015 2820 Atmarpc - ok
20:12:56.0062 2820 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:12:56.0062 2820 AudioSrv - ok
20:12:56.0140 2820 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:12:56.0156 2820 audstub - ok
20:12:56.0281 2820 AVGIDSAgent (eec03b5fa63f192b5c1662a6b84a2fcd) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:12:56.0453 2820 Suspicious file (Forged): C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe. Real md5: eec03b5fa63f192b5c1662a6b84a2fcd, Fake md5: 6d440ff3f44ca72edfd6176c6d6a89c0
20:12:56.0468 2820 AVGIDSAgent ( ForgedFile.Multi.Generic ) - warning
20:12:56.0468 2820 AVGIDSAgent - detected ForgedFile.Multi.Generic (1)
20:12:56.0531 2820 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:12:56.0531 2820 AVGIDSDriver - ok
20:12:56.0562 2820 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:12:56.0562 2820 AVGIDSEH - ok
20:12:56.0578 2820 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:12:56.0593 2820 AVGIDSFilter - ok
20:12:56.0609 2820 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:12:56.0609 2820 AVGIDSShim - ok
20:12:56.0640 2820 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:12:56.0640 2820 Avgldx86 - ok
20:12:56.0656 2820 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:12:56.0656 2820 Avgmfx86 - ok
20:12:56.0687 2820 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:12:56.0687 2820 Avgrkx86 - ok
20:12:56.0734 2820 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:12:56.0750 2820 Avgtdix - ok
20:12:56.0843 2820 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:12:56.0843 2820 avgwd - ok
20:12:56.0890 2820 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
20:12:56.0890 2820 BCM42RLY - ok
20:12:56.0953 2820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:12:56.0953 2820 Beep - ok
20:12:57.0015 2820 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:12:57.0046 2820 BITS - ok
20:12:57.0078 2820 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:12:57.0078 2820 Browser - ok
20:12:57.0125 2820 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
20:12:57.0125 2820 bvrp_pci - ok
20:12:57.0265 2820 catchme - ok
20:12:57.0296 2820 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:12:57.0296 2820 cbidf - ok
20:12:57.0312 2820 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:12:57.0312 2820 cbidf2k - ok
20:12:57.0359 2820 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:12:57.0359 2820 CCDECODE - ok
20:12:57.0390 2820 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:12:57.0390 2820 cd20xrnt - ok
20:12:57.0421 2820 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:12:57.0421 2820 Cdaudio - ok
20:12:57.0453 2820 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:12:57.0453 2820 Cdfs - ok
20:12:57.0500 2820 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:12:57.0500 2820 Cdrom - ok
20:12:57.0515 2820 Changer - ok
20:12:57.0562 2820 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:12:57.0562 2820 CiSvc - ok
20:12:57.0609 2820 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:12:57.0609 2820 ClipSrv - ok
20:12:57.0718 2820 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:12:57.0718 2820 clr_optimization_v2.0.50727_32 - ok
20:12:57.0765 2820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:12:57.0765 2820 CmdIde - ok
20:12:57.0781 2820 COMSysApp - ok
20:12:57.0812 2820 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:12:57.0812 2820 Cpqarray - ok
20:12:57.0843 2820 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE
20:12:57.0859 2820 Creative Service for CDROM Access - ok
20:12:57.0906 2820 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:12:57.0906 2820 CryptSvc - ok
20:12:58.0000 2820 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:12:58.0000 2820 ctsfm2k - ok
20:12:58.0046 2820 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:12:58.0046 2820 dac2w2k - ok
20:12:58.0062 2820 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:12:58.0062 2820 dac960nt - ok
20:12:58.0125 2820 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:12:58.0140 2820 DcomLaunch - ok
20:12:58.0187 2820 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:12:58.0187 2820 Dhcp - ok
20:12:58.0250 2820 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:12:58.0250 2820 Disk - ok
20:12:58.0265 2820 dmadmin - ok
20:12:58.0328 2820 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:12:58.0359 2820 dmboot - ok
20:12:58.0375 2820 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:12:58.0375 2820 dmio - ok
20:12:58.0390 2820 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:12:58.0390 2820 dmload - ok
20:12:58.0437 2820 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:12:58.0437 2820 dmserver - ok
20:12:58.0453 2820 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:12:58.0453 2820 DMusic - ok
20:12:58.0515 2820 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:12:58.0515 2820 Dnscache - ok
20:12:58.0562 2820 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:12:58.0562 2820 Dot3svc - ok
20:12:58.0593 2820 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:12:58.0593 2820 dpti2o - ok
20:12:58.0640 2820 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:12:58.0640 2820 drmkaud - ok
20:12:58.0703 2820 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:12:58.0703 2820 drvmcdb - ok
20:12:58.0734 2820 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
20:12:58.0734 2820 drvnddm - ok
20:12:58.0843 2820 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
20:12:58.0843 2820 DSBrokerService - ok
20:12:58.0875 2820 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:12:58.0875 2820 DSproct - ok
20:12:58.0906 2820 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:12:58.0906 2820 dsunidrv - ok
20:12:58.0937 2820 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:12:58.0937 2820 E100B - ok
20:12:59.0000 2820 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:12:59.0000 2820 EapHost - ok
20:12:59.0046 2820 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:12:59.0062 2820 ERSvc - ok
20:12:59.0125 2820 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:12:59.0156 2820 Eventlog - ok
20:12:59.0203 2820 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:12:59.0203 2820 EventSystem - ok
20:12:59.0265 2820 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:12:59.0265 2820 Fastfat - ok
20:12:59.0328 2820 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:12:59.0328 2820 FastUserSwitchingCompatibility - ok
20:12:59.0390 2820 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:12:59.0390 2820 Fax - ok
20:12:59.0421 2820 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:12:59.0421 2820 Fdc - ok
20:12:59.0453 2820 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:12:59.0453 2820 Fips - ok
20:12:59.0484 2820 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:12:59.0484 2820 Flpydisk - ok
20:12:59.0531 2820 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:12:59.0531 2820 FltMgr - ok
20:12:59.0656 2820 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:12:59.0656 2820 FontCache3.0.0.0 - ok
20:12:59.0687 2820 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:12:59.0687 2820 Fs_Rec - ok
20:12:59.0718 2820 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:12:59.0718 2820 Ftdisk - ok
20:12:59.0750 2820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:12:59.0750 2820 GEARAspiWDM - ok
20:12:59.0765 2820 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
20:12:59.0765 2820 giveio - ok
20:12:59.0796 2820 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:12:59.0796 2820 Gpc - ok
20:12:59.0890 2820 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
20:12:59.0906 2820 GTNDIS5 - ok
20:13:00.0078 2820 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:00.0125 2820 gupdate - ok
20:13:00.0140 2820 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:00.0140 2820 gupdatem - ok
20:13:00.0171 2820 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:13:00.0171 2820 HDAudBus - ok
20:13:00.0265 2820 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:13:00.0265 2820 helpsvc - ok
20:13:00.0312 2820 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:13:00.0328 2820 HidServ - ok
20:13:00.0375 2820 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:13:00.0375 2820 HidUsb - ok
20:13:00.0421 2820 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:13:00.0421 2820 hkmsvc - ok
20:13:00.0453 2820 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:13:00.0453 2820 hpn - ok
20:13:00.0500 2820 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:13:00.0515 2820 HTTP - ok
20:13:00.0562 2820 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:13:00.0562 2820 HTTPFilter - ok
20:13:00.0609 2820 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:13:00.0609 2820 i2omgmt - ok
20:13:00.0625 2820 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:13:00.0625 2820 i2omp - ok
20:13:00.0640 2820 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:13:00.0656 2820 i8042prt - ok
20:13:00.0734 2820 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:13:00.0750 2820 ialm - ok
20:13:00.0890 2820 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:13:00.0890 2820 IDriverT - ok
20:13:01.0046 2820 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:01.0234 2820 idsvc - ok
20:13:01.0375 2820 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:13:01.0375 2820 Imapi - ok
20:13:01.0437 2820 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:13:01.0437 2820 ImapiService - ok
20:13:01.0468 2820 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:13:01.0468 2820 ini910u - ok
20:13:01.0515 2820 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:13:01.0546 2820 IntelC51 - ok
20:13:01.0593 2820 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:13:01.0593 2820 IntelC52 - ok
20:13:01.0625 2820 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:13:01.0625 2820 IntelC53 - ok
20:13:01.0671 2820 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:13:01.0671 2820 IntelIde - ok
20:13:01.0718 2820 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:13:01.0718 2820 intelppm - ok
20:13:01.0843 2820 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
20:13:01.0859 2820 IntuitUpdateService - ok
20:13:01.0890 2820 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:13:01.0906 2820 Ip6Fw - ok
20:13:01.0921 2820 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:13:01.0921 2820 IpFilterDriver - ok
20:13:01.0953 2820 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:13:01.0953 2820 IpInIp - ok
20:13:02.0000 2820 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:13:02.0000 2820 IpNat - ok
20:13:02.0062 2820 iPod Service - ok
20:13:02.0125 2820 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:13:02.0125 2820 IPSec - ok
20:13:02.0171 2820 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:13:02.0171 2820 IRENUM - ok
20:13:02.0203 2820 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:13:02.0203 2820 isapnp - ok
20:13:02.0218 2820 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:13:02.0234 2820 Kbdclass - ok
20:13:02.0250 2820 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:13:02.0250 2820 kbdhid - ok
20:13:02.0312 2820 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:13:02.0312 2820 kmixer - ok
20:13:02.0343 2820 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:13:02.0343 2820 KSecDD - ok
20:13:02.0390 2820 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:13:02.0406 2820 lanmanserver - ok
20:13:02.0453 2820 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:13:02.0453 2820 lanmanworkstation - ok
20:13:02.0468 2820 lbrtfdc - ok
20:13:02.0562 2820 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:13:02.0562 2820 LmHosts - ok
20:13:02.0578 2820 lmimirr - ok
20:13:02.0781 2820 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:13:02.0781 2820 McComponentHostService - ok
20:13:02.0859 2820 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:13:02.0875 2820 MDM - ok
20:13:02.0906 2820 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:13:02.0906 2820 Messenger - ok
20:13:02.0953 2820 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:13:02.0953 2820 mnmdd - ok
20:13:03.0000 2820 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:13:03.0000 2820 mnmsrvc - ok
20:13:03.0140 2820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:13:03.0140 2820 Modem - ok
20:13:03.0171 2820 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:13:03.0171 2820 MODEMCSA - ok
20:13:03.0187 2820 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:13:03.0187 2820 mohfilt - ok
20:13:03.0234 2820 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:13:03.0234 2820 Mouclass - ok
20:13:03.0421 2820 moufiltr (6ed1d87904edfbd26dfb31abf1040d92) C:\WINDOWS\system32\DRIVERS\moufiltr.sys
20:13:03.0421 2820 moufiltr - ok
20:13:03.0453 2820 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:13:03.0453 2820 mouhid - ok
20:13:03.0515 2820 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:13:03.0515 2820 MountMgr - ok
20:13:03.0546 2820 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:13:03.0546 2820 mraid35x - ok
20:13:03.0578 2820 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:13:03.0593 2820 MRxDAV - ok
20:13:03.0640 2820 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:13:03.0671 2820 MRxSmb - ok
20:13:03.0796 2820 MSCamSvc (af661f9eaf65c024ee85ac531fdad9fa) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
20:13:03.0796 2820 MSCamSvc - ok
20:13:03.0843 2820 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:13:03.0843 2820 MSDTC - ok
20:13:03.0906 2820 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:13:03.0906 2820 Msfs - ok
20:13:03.0906 2820 MSIServer - ok
20:13:03.0953 2820 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:13:03.0953 2820 MSKSSRV - ok
20:13:04.0000 2820 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:13:04.0000 2820 MSPCLOCK - ok
20:13:04.0062 2820 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:13:04.0062 2820 MSPQM - ok
20:13:04.0171 2820 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:13:04.0171 2820 mssmbios - ok
20:13:04.0218 2820 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:13:04.0218 2820 MSTEE - ok
20:13:04.0265 2820 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:13:04.0265 2820 Mup - ok
20:13:04.0296 2820 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:13:04.0296 2820 NABTSFEC - ok
20:13:04.0343 2820 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:13:04.0359 2820 napagent - ok
20:13:04.0390 2820 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:13:04.0406 2820 NDIS - ok
20:13:04.0453 2820 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:13:04.0453 2820 NdisIP - ok
20:13:04.0500 2820 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:13:04.0500 2820 NdisTapi - ok
20:13:04.0546 2820 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:13:04.0546 2820 Ndisuio - ok
20:13:04.0578 2820 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:13:04.0578 2820 NdisWan - ok
20:13:04.0609 2820 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:13:04.0609 2820 NDProxy - ok
20:13:04.0656 2820 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:13:04.0656 2820 NetBIOS - ok
20:13:04.0687 2820 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:13:04.0687 2820 NetBT - ok
20:13:04.0734 2820 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:13:04.0734 2820 NetDDE - ok
20:13:04.0750 2820 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:13:04.0750 2820 NetDDEdsdm - ok
20:13:04.0781 2820 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:13:04.0781 2820 Netlogon - ok
20:13:04.0828 2820 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:13:04.0828 2820 Netman - ok
20:13:05.0046 2820 NetSvc (b9b53a8328ed38170bda39638cc4b67a) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
20:13:05.0046 2820 NetSvc - ok
20:13:05.0296 2820 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:13:05.0296 2820 NetTcpPortSharing - ok
20:13:05.0406 2820 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:13:05.0421 2820 Nla - ok
20:13:05.0484 2820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:13:05.0484 2820 Npfs - ok
20:13:05.0562 2820 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:13:05.0578 2820 Ntfs - ok
20:13:05.0703 2820 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:13:05.0718 2820 NtLmSsp - ok
20:13:05.0781 2820 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:13:05.0781 2820 NtmsSvc - ok
20:13:05.0828 2820 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
20:13:05.0828 2820 NuidFltr - ok
20:13:05.0859 2820 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:13:05.0859 2820 Null - ok
20:13:05.0937 2820 nv (ec901af72da08bacf5954ccc0dbeb267) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:13:06.0187 2820 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: ec901af72da08bacf5954ccc0dbeb267, Fake md5: 8c0456001b6900114bbb1c548bd8aaf5
20:13:06.0218 2820 nv ( ForgedFile.Multi.Generic ) - warning
20:13:06.0218 2820 nv - detected ForgedFile.Multi.Generic (1)
20:13:06.0265 2820 NVSvc (472a00d2183c9e5edb3e076272741812) C:\WINDOWS\system32\nvsvc32.exe
20:13:06.0265 2820 NVSvc - ok
20:13:06.0296 2820 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:13:06.0296 2820 NwlnkFlt - ok
20:13:06.0328 2820 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:13:06.0328 2820 NwlnkFwd - ok
20:13:06.0375 2820 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:13:06.0375 2820 NwlnkIpx - ok
20:13:06.0406 2820 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:13:06.0406 2820 NwlnkNb - ok
20:13:06.0437 2820 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:13:06.0437 2820 NwlnkSpx - ok
20:13:06.0484 2820 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
20:13:06.0500 2820 NwSapAgent - ok
20:13:06.0578 2820 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:13:06.0578 2820 ose - ok
20:13:06.0625 2820 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:13:06.0625 2820 ossrv - ok
20:13:06.0687 2820 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
20:13:06.0734 2820 P17 - ok
20:13:06.0796 2820 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:13:06.0796 2820 Parport - ok
20:13:06.0843 2820 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:13:06.0843 2820 PartMgr - ok
20:13:06.0890 2820 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:13:06.0890 2820 ParVdm - ok
20:13:06.0906 2820 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:13:06.0921 2820 PCI - ok
20:13:06.0937 2820 PCIDump - ok
20:13:06.0953 2820 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:13:06.0953 2820 PCIIde - ok
20:13:07.0015 2820 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:13:07.0015 2820 Pcmcia - ok
20:13:07.0062 2820 PDCOMP - ok
20:13:07.0078 2820 PDFRAME - ok
20:13:07.0093 2820 PDRELI - ok
20:13:07.0109 2820 PDRFRAME - ok
20:13:07.0156 2820 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:13:07.0156 2820 perc2 - ok
20:13:07.0187 2820 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:13:07.0187 2820 perc2hib - ok
20:13:07.0234 2820 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:13:07.0250 2820 PlugPlay - ok
20:13:07.0296 2820 PnkBstrA (a9d6b1e7ef097c7f3b5dc4f56c0e7386) C:\WINDOWS\system32\PnkBstrA.exe
20:13:07.0296 2820 PnkBstrA - ok
20:13:07.0328 2820 PnkBstrB (5999d35f209ede2f618252165f3a3e55) C:\WINDOWS\system32\PnkBstrB.exe
20:13:07.0328 2820 PnkBstrB - ok
20:13:07.0359 2820 PnkBstrK (b1022a36863b5cd65eb6b41d32308df7) C:\WINDOWS\system32\drivers\PnkBstrK.sys
20:13:07.0375 2820 PnkBstrK - ok
20:13:07.0421 2820 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:13:07.0421 2820 PolicyAgent - ok
20:13:07.0468 2820 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:13:07.0468 2820 PptpMiniport - ok
20:13:07.0484 2820 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:13:07.0484 2820 ProtectedStorage - ok
20:13:07.0500 2820 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:13:07.0500 2820 PSched - ok
20:13:07.0531 2820 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:13:07.0531 2820 Ptilink - ok
20:13:07.0593 2820 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:13:07.0593 2820 PxHelp20 - ok
20:13:07.0625 2820 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:13:07.0625 2820 ql1080 - ok
20:13:07.0640 2820 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:13:07.0640 2820 Ql10wnt - ok
20:13:07.0671 2820 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:13:07.0671 2820 ql12160 - ok
20:13:07.0687 2820 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:13:07.0687 2820 ql1240 - ok
20:13:07.0718 2820 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:13:07.0718 2820 ql1280 - ok
20:13:07.0765 2820 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:13:07.0765 2820 RasAcd - ok
20:13:07.0812 2820 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:13:07.0828 2820 RasAuto - ok
20:13:07.0875 2820 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:13:07.0875 2820 Rasl2tp - ok
20:13:07.0921 2820 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:13:07.0937 2820 RasMan - ok
20:13:07.0953 2820 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:13:07.0968 2820 RasPppoe - ok
20:13:08.0000 2820 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:13:08.0000 2820 Raspti - ok
20:13:08.0125 2820 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:13:08.0140 2820 Rdbss - ok
20:13:08.0187 2820 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:13:08.0187 2820 RDPCDD - ok
20:13:08.0234 2820 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:13:08.0250 2820 rdpdr - ok
20:13:08.0312 2820 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:13:08.0312 2820 RDPWD - ok
20:13:08.0359 2820 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:13:08.0375 2820 RDSessMgr - ok
20:13:08.0421 2820 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:13:08.0421 2820 redbook - ok
20:13:08.0468 2820 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:13:08.0468 2820 RemoteAccess - ok
20:13:08.0500 2820 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:13:08.0515 2820 RemoteRegistry - ok
20:13:08.0562 2820 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:13:08.0562 2820 Revoflt - ok
20:13:08.0609 2820 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:13:08.0609 2820 RpcLocator - ok
20:13:08.0671 2820 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:13:08.0687 2820 RpcSs - ok
20:13:08.0734 2820 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:13:08.0734 2820 RSVP - ok
20:13:08.0781 2820 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
20:13:08.0781 2820 RT73 - ok
20:13:08.0812 2820 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:13:08.0812 2820 SamSs - ok
20:13:08.0937 2820 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:13:08.0937 2820 SASDIFSV - ok
20:13:08.0953 2820 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:13:08.0953 2820 SASKUTIL - ok
20:13:09.0000 2820 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:13:09.0000 2820 SCardSvr - ok
20:13:09.0093 2820 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:13:09.0093 2820 Schedule - ok
20:13:09.0187 2820 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:13:09.0187 2820 Secdrv - ok
20:13:09.0250 2820 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:13:09.0250 2820 seclogon - ok
20:13:09.0296 2820 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:13:09.0296 2820 SENS - ok
20:13:09.0359 2820 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:13:09.0359 2820 serenum - ok
20:13:09.0437 2820 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:13:09.0437 2820 Serial - ok
20:13:09.0515 2820 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys
20:13:09.0531 2820 sfdrv01 - ok
20:13:09.0546 2820 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys
20:13:09.0546 2820 sfhlp02 - ok
20:13:09.0562 2820 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:13:09.0562 2820 Sfloppy - ok
20:13:09.0578 2820 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
20:13:09.0578 2820 sfvfs02 - ok
20:13:09.0640 2820 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:13:09.0640 2820 SharedAccess - ok
20:13:09.0687 2820 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:13:09.0703 2820 ShellHWDetection - ok
20:13:09.0703 2820 Simbad - ok
20:13:09.0781 2820 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:13:09.0781 2820 sisagp - ok
20:13:09.0828 2820 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:13:09.0828 2820 SLIP - ok
20:13:10.0000 2820 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:13:10.0000 2820 Sparrow - ok
20:13:10.0046 2820 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
20:13:10.0062 2820 speedfan - ok
20:13:10.0078 2820 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:13:10.0078 2820 splitter - ok
20:13:10.0140 2820 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:13:10.0140 2820 Spooler - ok
20:13:10.0218 2820 sprtsvc_dellsupportcenter - ok
20:13:10.0265 2820 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:13:10.0265 2820 sr - ok
20:13:10.0296 2820 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:13:10.0312 2820 srservice - ok
20:13:10.0343 2820 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:13:10.0343 2820 Srv - ok
20:13:10.0359 2820 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:13:10.0359 2820 sscdbhk5 - ok
20:13:10.0406 2820 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:13:10.0406 2820 SSDPSRV - ok
20:13:10.0421 2820 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
20:13:10.0421 2820 ssrtln - ok
20:13:10.0468 2820 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
20:13:10.0484 2820 STHDA - ok
20:13:10.0515 2820 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:13:10.0531 2820 stisvc - ok
20:13:10.0578 2820 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:13:10.0578 2820 streamip - ok
20:13:10.0593 2820 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:13:10.0593 2820 swenum - ok
20:13:10.0625 2820 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:13:10.0625 2820 swmidi - ok
20:13:10.0640 2820 SwPrv - ok
20:13:10.0703 2820 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:13:10.0703 2820 symc810 - ok
20:13:10.0734 2820 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:13:10.0734 2820 symc8xx - ok
20:13:10.0750 2820 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:13:10.0750 2820 sym_hi - ok
20:13:10.0765 2820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:13:10.0781 2820 sym_u3 - ok
20:13:10.0812 2820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:13:10.0812 2820 sysaudio - ok
20:13:10.0875 2820 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:13:10.0875 2820 SysmonLog - ok
20:13:10.0921 2820 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:13:10.0937 2820 TapiSrv - ok
20:13:11.0000 2820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:13:11.0000 2820 Tcpip - ok
20:13:11.0156 2820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:13:11.0156 2820 TDPIPE - ok
20:13:11.0234 2820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:13:11.0250 2820 TDTCP - ok
20:13:11.0281 2820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:13:11.0281 2820 TermDD - ok
20:13:11.0343 2820 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:13:11.0359 2820 TermService - ok
20:13:11.0406 2820 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
20:13:11.0406 2820 tfsnboio - ok
20:13:11.0421 2820 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
20:13:11.0421 2820 tfsncofs - ok
20:13:11.0437 2820 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
20:13:11.0453 2820 tfsndrct - ok
20:13:11.0453 2820 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
20:13:11.0468 2820 tfsndres - ok
20:13:11.0484 2820 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
20:13:11.0484 2820 tfsnifs - ok
20:13:11.0500 2820 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
20:13:11.0500 2820 tfsnopio - ok
20:13:11.0515 2820 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
20:13:11.0515 2820 tfsnpool - ok
20:13:11.0546 2820 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
20:13:11.0546 2820 tfsnudf - ok
20:13:11.0562 2820 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:13:11.0562 2820 tfsnudfa - ok
20:13:11.0625 2820 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:13:11.0625 2820 Themes - ok
20:13:11.0671 2820 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:13:11.0671 2820 TlntSvr - ok
20:13:11.0750 2820 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:13:11.0750 2820 TosIde - ok
20:13:11.0828 2820 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:13:11.0828 2820 TrkWks - ok
20:13:11.0921 2820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:13:11.0921 2820 Udfs - ok
20:13:11.0968 2820 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:13:11.0968 2820 ultra - ok
20:13:12.0031 2820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:13:12.0046 2820 Update - ok
20:13:12.0078 2820 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:13:12.0093 2820 upnphost - ok
20:13:12.0125 2820 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:13:12.0125 2820 UPS - ok
20:13:12.0203 2820 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:13:12.0203 2820 USBAAPL - ok
20:13:12.0250 2820 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:13:12.0265 2820 usbaudio - ok
20:13:12.0281 2820 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:13:12.0281 2820 usbccgp - ok
20:13:12.0328 2820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:13:12.0328 2820 usbehci - ok
20:13:12.0343 2820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:13:12.0343 2820 usbhub - ok
20:13:12.0375 2820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:13:12.0375 2820 usbprint - ok
20:13:12.0390 2820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:13:12.0390 2820 usbscan - ok
20:13:12.0437 2820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:13:12.0437 2820 USBSTOR - ok
20:13:12.0468 2820 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:13:12.0468 2820 usbuhci - ok
20:13:12.0531 2820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:13:12.0531 2820 VgaSave - ok
20:13:12.0578 2820 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:13:12.0578 2820 viaagp - ok
20:13:12.0609 2820 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:13:12.0609 2820 ViaIde - ok
20:13:12.0656 2820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:13:12.0656 2820 VolSnap - ok
20:13:12.0703 2820 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:13:12.0703 2820 VSS - ok
20:13:12.0812 2820 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
20:13:12.0875 2820 VX6000 - ok
20:13:12.0921 2820 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:13:12.0937 2820 w32time - ok
20:13:12.0984 2820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:13:12.0984 2820 Wanarp - ok
20:13:13.0000 2820 wanatw - ok
20:13:13.0093 2820 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:13:13.0125 2820 Wdf01000 - ok
20:13:13.0140 2820 WDICA - ok
20:13:13.0203 2820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:13:13.0203 2820 wdmaud - ok
20:13:13.0250 2820 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:13:13.0265 2820 WebClient - ok
20:13:13.0375 2820 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
20:13:13.0375 2820 WinDefend - ok
20:13:13.0484 2820 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:13:13.0484 2820 winmgmt - ok
20:13:13.0578 2820 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
20:13:13.0578 2820 WMDM PMSP Service - ok
20:13:13.0640 2820 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:13:13.0640 2820 WmdmPmSN - ok
20:13:13.0718 2820 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:13:13.0718 2820 Wmi - ok
20:13:13.0765 2820 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:13:13.0765 2820 WmiApSrv - ok
20:13:13.0921 2820 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:13:13.0968 2820 WMPNetworkSvc - ok
20:13:14.0062 2820 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:13:14.0062 2820 WS2IFSL - ok
20:13:14.0171 2820 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:13:14.0171 2820 wscsvc - ok
20:13:14.0250 2820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:13:14.0250 2820 WSTCODEC - ok
20:13:14.0312 2820 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:13:14.0328 2820 wuauserv - ok
20:13:14.0421 2820 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:13:14.0421 2820 WudfPf - ok
20:13:14.0453 2820 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:13:14.0453 2820 WudfRd - ok
20:13:14.0484 2820 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:13:14.0484 2820 WudfSvc - ok
20:13:14.0609 2820 WUSB54GCSVC (ccfdecd6060ea8eb0f8466782a97ff21) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
20:13:14.0609 2820 WUSB54GCSVC - ok
20:13:14.0671 2820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:13:14.0687 2820 WZCSVC - ok
20:13:14.0734 2820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:13:14.0734 2820 xmlprov - ok
20:13:14.0781 2820 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
20:13:14.0812 2820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
20:13:14.0812 2820 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
20:13:14.0843 2820 Boot (0x1200) (ff9f1f24c12a5dc6e0920cded650c8cc) \Device\Harddisk0\DR0\Partition0
20:13:14.0843 2820 \Device\Harddisk0\DR0\Partition0 - ok
20:13:14.0843 2820 ============================================================
20:13:14.0843 2820 Scan finished
20:13:14.0843 2820 ============================================================
20:13:14.0843 0240 Detected object count: 3
20:13:14.0843 0240 Actual detected object count: 3
20:13:39.0640 0240 AVGIDSAgent ( ForgedFile.Multi.Generic ) - skipped by user
20:13:39.0640 0240 AVGIDSAgent ( ForgedFile.Multi.Generic ) - User select action: Skip
20:13:39.0640 0240 nv ( ForgedFile.Multi.Generic ) - skipped by user
20:13:39.0640 0240 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
20:13:39.0671 0240 \Device\Harddisk0\DR0\# - copied to quarantine
20:13:39.0671 0240 \Device\Harddisk0\DR0 - copied to quarantine
20:13:39.0703 0240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
20:13:39.0718 0240 \Device\Harddisk0\DR0 - ok
20:13:39.0718 0240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
20:13:42.0656 3652 Deinitialize success
Here is the aswMBER log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 20:20:59
-----------------------------
20:20:59.218 OS Version: Windows 5.1.2600 Service Pack 3
20:20:59.218 Number of processors: 2 586 0x403
20:20:59.218 ComputerName: BRET UserName:
20:21:02.781 Initialize success
20:29:32.421 AVAST engine defs: 12041201
20:31:47.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:31:47.703 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
20:31:47.734 Disk 0 MBR read successfully
20:31:47.734 Disk 0 MBR scan
20:31:47.859 Disk 0 unknown MBR code
20:31:47.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
20:31:47.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148609 MB offset 112455
20:31:47.953 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3922 MB offset 304463880
20:31:47.968 Disk 0 scanning sectors +312496380
20:31:47.968 Disk 0 malicious Win32:MBRoot code @ sector 312496383 !
20:31:48.031 Disk 0 scanning C:\WINDOWS\system32\drivers
20:32:03.984 Service scanning
20:32:28.203 Modules scanning
20:32:55.296 Disk 0 trace - called modules:
20:32:55.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:32:55.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877ceab8]
20:32:55.312 3 CLASSPNP.SYS[f7592fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87785b00]
20:32:55.828 AVAST engine scan C:\WINDOWS
20:33:25.781 AVAST engine scan C:\WINDOWS\system32
20:37:25.734 AVAST engine scan C:\WINDOWS\system32\drivers
20:37:54.359 AVAST engine scan C:\Documents and Settings\Bret Johnson
20:59:05.546 AVAST engine scan C:\Documents and Settings\All Users
21:02:43.562 Scan finished successfully
21:13:08.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bret Johnson\Desktop\MBR.dat"
21:13:08.343 The log file has been saved successfully to "C:\Documents and Settings\Bret Johnson\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 12 April 2012 - 08:54 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 14 April 2012 - 10:36 AM

OK, I will run that script. Before I do, I wanted to post the most recent error before I close it, as it seems related. It is:

javaw.exe - Entry point not found
The procedure entry point JDK_LoadSystemLibrary could not be located in the dynamic link library java.dll

#8 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 14 April 2012 - 11:01 AM

ComboFix 12-04-11.03 - Bret Johnson 04/14/2012 11:43:12.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.603 [GMT -4:00]
Running from: c:\documents and settings\Bret Johnson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bret Johnson\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-13 00:13 . 2012-04-13 00:13 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2007-08-06 17:07 . 2009-03-05 16:04 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-07-18 19:54 . 2009-03-05 16:04 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2011-11-05 06:53 . 2011-04-23 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6400]
2003-06-03 08:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2L1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2006-12-28 15:40 958464 ----a-w- c:\program files\Wireless Laser Mouse\MOffice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-10-13 22:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-05-28 01:58 4269296 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
2003-12-13 17:17 61440 ----a-w- c:\program files\LIVEUPDATE\LiveUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 05:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2006-10-13 22:04 994096 ----a-w- c:\windows\vVX6000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Bret Johnson\\Desktop\\Games\\Rollcage\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 4:32 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 4:32 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/3/2011 3:45 PM 27064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 7:56 PM 2383152]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - GTNDIS5
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 10:42]
.
2012-04-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-02 12:26]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:30]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: intuit.com\ttlc
Trusted Zone: sysprotect.com\scanner
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Bret Johnson\Application Data\Mozilla\Firefox\Profiles\0deups41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 11:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-898642373-1164693347-3914985641-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,11,d4,28,e9,c9,7b,d5,ec,e6,c5,08,4b,a3,bb,fa,89,fb,a7,82,87,f6,dd,
29,42,75,8d,b2,80,bd,02,2d,80,8f,05,b4,43,bb,8a,a3,1c,43,4a,a5,74,9d,e2,06,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-898642373-1164693347-3914985641-1006\Software\SecuROM\License information*]
"datasecu"=hex:17,82,df,b2,65,0e,77,c8,a2,72,70,3c,bd,c8,a4,83,6d,83,2b,89,d9,
34,77,b6,a8,75,05,bd,94,25,48,d4,c8,38,9f,3f,d3,f9,5c,27,04,6a,1e,18,e5,4a,\
"rkeysecu"=hex:5a,a7,95,fc,1d,ea,66,fc,0c,98,2f,68,b5,13,99,d5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-14 12:01:34
ComboFix-quarantined-files.txt 2012-04-14 16:01
ComboFix2.txt 2012-04-12 00:29
.
Pre-Run: 39,308,324,864 bytes free
Post-Run: 39,400,660,992 bytes free
.
- - End Of File - - 416C1742DAE9C8B86CCDE7C0B918A7C7


Only problem I had was that the temporary disable of AVG expired before the scan finished and it popped up a warning. I dismissed it and the scan continued.

I am still getting the Bad Image errors when trying to install programs.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 14 April 2012 - 03:30 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.4.0
Internet Explorer Default Page
Java™ 6 Update 24
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 14 April 2012 - 04:17 PM

A couple of things while following your instructions:
Adobe Reader 9.4.0 - Uninstalled Successfully
I could not find - Internet Explorer Default Page
Java™ 6 Update 24 - Uninstalled Successfully
-While trying to reinstall Java™ 6 Update 24 I encountered the following Bad Image Error:

Java Setup - Progress: jxpiinstall.exe - Bad Image
c:\\WINDOWS\WinSxS\x86_Microsoft.Windows.Gdiplus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll is not a valid Windows image. Please check this against your installation diskette.

McAfee Security Scan Plus - Uninstalled Successfully

I stopped there and did not continue past the "Install Java" instructions.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 14 April 2012 - 08:31 PM

Try and keep going, and let me know how it goes.


gringo

#12 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 15 April 2012 - 10:48 AM

The program Internet Explorer Default Page does not show up in "Add/Remove Programs" or in "Revo Uninstaller".

I was able to reinstall Java.

I ran ccleaner and it worked fine.

I then installed MBAM and HijackThis. However, I cannot run either program. Whenever I click on the executable file link on my desktop, I get a Bad Image error and the program does not start. The only option on these error messages is "OK." I restarted my computer and tried again but still got the same errors:

mbam.exe - Bad Image
The application or DLL C:\WINDOWS\system32\MSVBVM60.dll is not a valid Windows image. Please check this against your installation diskette.

HiJackThis.exe-Bad Image
The application or DLL C:\WINDOWS\system32\MSVBVM60.dll is not a valid Windows image. Please check this against your installation diskette.

Is there another way to run these programs?
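
The two dialogs quoted in the post above are the loader refusing MSVBVM60.dll as a PE image, which in a cleanup like this usually means the file on disk has been damaged or altered. The script below is an added example for this thread, not a tool from BleepingComputer or from any vendor mentioned here. It performs the same header checks offline on a copy of a suspect DLL (taken from a clean machine or a mounted disk), recomputes the PE CheckSum that Microsoft-shipped system DLLs always carry, and prints a SHA-256 to compare with a known-good copy (on XP, the Windows File Protection copy under %SystemRoot%\system32\dllcache). The file name pe_triage.py and the build_sample_pe helper are constructed for the demonstration; the sample it builds is a stub image, not a real DLL.

```python
"""Offline triage for a "Bad Image" / "not a valid Windows image" error.

Checks a COPY of the suspect DLL the way the loader does before mapping it
(DOS header, PE signature, COFF and optional headers, section table) and
recomputes the PE CheckSum. Prints a SHA-256 for comparison with a known-good
copy. Nothing is executed. Usage: python pe_triage.py MSVBVM60.dll
"""
import hashlib
import struct
import sys

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x64"}
CHECKSUM_OFFSET_IN_OPT = 64  # CheckSum sits at +64 in both PE32 and PE32+


def pe_checksum(data: bytes, checksum_field_offset: int) -> int:
    """Recompute the PE CheckSum (ImageHlp CheckSumMappedFile algorithm):
    ones'-complement style sum of the file as 32-bit words with the stored
    CheckSum dword treated as zero, folded to 16 bits, plus the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_field_offset:
            continue  # the stored value must not influence its own recomputation
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def inspect_pe(data: bytes) -> dict:
    """Validate the headers a loader reads first and report what was found."""
    report = {"valid": False, "reason": "", "machine": None,
              "checksum_stored": None, "checksum_computed": None,
              "checksum_ok": None, "sha256": hashlib.sha256(data).hexdigest()}
    if len(data) < 0x40 or data[:2] != b"MZ":
        report["reason"] = "no MZ (DOS) header"
        return report
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        report["reason"] = "e_lfanew does not point at a PE signature"
        return report
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    report["machine"] = MACHINE_NAMES.get(machine, hex(machine))
    opt_off = e_lfanew + 24
    if opt_size < CHECKSUM_OFFSET_IN_OPT + 4 or opt_off + opt_size > len(data):
        report["reason"] = "optional header truncated"
        return report
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        report["reason"] = f"unknown optional header magic {magic:#x}"
        return report
    if opt_off + opt_size + 40 * nsections > len(data):
        report["reason"] = "section table runs past end of file"
        return report
    cs_off = opt_off + CHECKSUM_OFFSET_IN_OPT
    stored = struct.unpack_from("<I", data, cs_off)[0]
    computed = pe_checksum(data, cs_off)
    # Zero means the linker never set a CheckSum; Microsoft system DLLs ship
    # with it set, so zero or a mismatch both point at a modified file.
    report.update(checksum_stored=stored, checksum_computed=computed,
                  checksum_ok=(stored != 0 and stored == computed), valid=True)
    report["reason"] = ("headers parse and CheckSum matches" if report["checksum_ok"]
                        else "headers parse but CheckSum is zero or wrong")
    return report


def build_sample_pe(payload: bytes = b"\x90" * 32, set_checksum: bool = True) -> bytes:
    """Constructed minimal PE32 DLL image so the script can be exercised
    offline. It is a stub, not a real DLL: one empty section, no code."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)  # i386, 1 section, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    section = b".text".ljust(8, b"\0") + b"\0" * 32
    image = bytearray(dos + b"PE\0\0" + coff + bytes(opt) + section + payload)
    cs_off = 0x40 + 4 + 20 + CHECKSUM_OFFSET_IN_OPT
    if set_checksum:  # fill CheckSum the way a linker would
        struct.pack_into("<I", image, cs_off, pe_checksum(bytes(image), cs_off))
    return bytes(image)


def main(argv):
    if len(argv) != 2:
        print(__doc__)
        return 2
    with open(argv[1], "rb") as fh:
        report = inspect_pe(fh.read())
    for key, value in report.items():
        print(f"{key:18}: {value}")
    return 0 if report["valid"] and report["checksum_ok"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A header that fails to parse explains a "Bad Image" dialog by itself; a file whose headers parse but whose CheckSum is zero or wrong is still worth replacing from the dllcache copy or the install media, and the SHA-256 makes the comparison with that copy explicit. The script reads the file only, so it is safe to point at a DLL that Windows itself refuses to load.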

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 15 April 2012 - 04:19 PM

Hello

I want you to rerun this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#14 thebeej

thebeej
  • Topic Starter

  • Members
  • 43 posts
  • Local time:09:44 AM

Posted 15 April 2012 - 06:30 PM

19:29:59.0484 2128 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:29:59.0859 2128 ============================================================
19:29:59.0859 2128 Current date / time: 2012/04/15 19:29:59.0859
19:29:59.0859 2128 SystemInfo:
19:29:59.0859 2128
19:29:59.0859 2128 OS Version: 5.1.2600 ServicePack: 3.0
19:29:59.0859 2128 Product type: Workstation
19:29:59.0859 2128 ComputerName: BRET
19:29:59.0859 2128 UserName: Bret Johnson
19:29:59.0859 2128 Windows directory: C:\WINDOWS
19:29:59.0859 2128 System windows directory: C:\WINDOWS
19:29:59.0859 2128 Processor architecture: Intel x86
19:29:59.0859 2128 Number of processors: 2
19:29:59.0859 2128 Page size: 0x1000
19:29:59.0859 2128 Boot type: Normal boot
19:29:59.0859 2128 ============================================================
19:30:03.0187 2128 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:30:03.0203 2128 \Device\Harddisk0\DR0:
19:30:03.0203 2128 MBR used
19:30:03.0203 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x122408C1
19:30:03.0437 2128 Initialize success
19:30:03.0437 2128 ============================================================
19:30:06.0640 3532 ============================================================
19:30:06.0640 3532 Scan started
19:30:06.0640 3532 Mode: Manual;
19:30:06.0640 3532 ============================================================
19:30:07.0671 3532 Abiosdsk - ok
19:30:07.0750 3532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:30:07.0750 3532 abp480n5 - ok
19:30:07.0828 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:30:07.0843 3532 ACPI - ok
19:30:07.0890 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:30:07.0890 3532 ACPIEC - ok
19:30:07.0906 3532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:30:07.0906 3532 adpu160m - ok
19:30:07.0953 3532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:30:07.0968 3532 aec - ok
19:30:08.0015 3532 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:30:08.0015 3532 AegisP - ok
19:30:08.0078 3532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:30:08.0078 3532 AFD - ok
19:30:08.0109 3532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:30:08.0125 3532 agp440 - ok
19:30:08.0140 3532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:30:08.0140 3532 agpCPQ - ok
19:30:08.0187 3532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:30:08.0187 3532 Aha154x - ok
19:30:08.0218 3532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:30:08.0218 3532 aic78u2 - ok
19:30:08.0234 3532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:30:08.0234 3532 aic78xx - ok
19:30:08.0265 3532 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:30:08.0281 3532 Alerter - ok
19:30:08.0312 3532 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:30:08.0312 3532 ALG - ok
19:30:08.0343 3532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:30:08.0343 3532 AliIde - ok
19:30:08.0390 3532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:30:08.0390 3532 alim1541 - ok
19:30:08.0421 3532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:30:08.0421 3532 amdagp - ok
19:30:08.0468 3532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:30:08.0468 3532 amsint - ok
19:30:08.0609 3532 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:08.0609 3532 Apple Mobile Device - ok
19:30:08.0687 3532 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:30:08.0687 3532 AppMgmt - ok
19:30:08.0718 3532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:30:08.0718 3532 asc - ok
19:30:08.0734 3532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:30:08.0734 3532 asc3350p - ok
19:30:08.0765 3532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:30:08.0765 3532 asc3550 - ok
19:30:08.0890 3532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:30:08.0921 3532 aspnet_state - ok
19:30:08.0953 3532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:30:08.0953 3532 AsyncMac - ok
19:30:09.0015 3532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:30:09.0015 3532 atapi - ok
19:30:09.0031 3532 Atdisk - ok
19:30:09.0109 3532 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
19:30:09.0109 3532 Ati HotKey Poller - ok
19:30:09.0187 3532 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:30:09.0218 3532 ati2mtag - ok
19:30:09.0250 3532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:30:09.0250 3532 Atmarpc - ok
19:30:09.0296 3532 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:30:09.0296 3532 AudioSrv - ok
19:30:09.0359 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:30:09.0359 3532 audstub - ok
19:30:09.0656 3532 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:30:09.0828 3532 AVGIDSAgent - ok
19:30:09.0890 3532 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:30:09.0906 3532 AVGIDSDriver - ok
19:30:09.0953 3532 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:30:09.0953 3532 AVGIDSEH - ok
19:30:09.0968 3532 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:30:09.0968 3532 AVGIDSFilter - ok
19:30:09.0984 3532 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:30:10.0000 3532 AVGIDSShim - ok
19:30:10.0015 3532 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:30:10.0015 3532 Avgldx86 - ok
19:30:10.0031 3532 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:30:10.0031 3532 Avgmfx86 - ok
19:30:10.0062 3532 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:30:10.0062 3532 Avgrkx86 - ok
19:30:10.0109 3532 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:30:10.0125 3532 Avgtdix - ok
19:30:10.0218 3532 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:30:10.0218 3532 avgwd - ok
19:30:10.0265 3532 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
19:30:10.0265 3532 BCM42RLY - ok
19:30:10.0312 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:30:10.0312 3532 Beep - ok
19:30:10.0375 3532 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:30:10.0453 3532 BITS - ok
19:30:10.0500 3532 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:30:10.0500 3532 Browser - ok
19:30:10.0546 3532 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
19:30:10.0546 3532 bvrp_pci - ok
19:30:10.0687 3532 catchme - ok
19:30:10.0718 3532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:30:10.0718 3532 cbidf - ok
19:30:10.0734 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:30:10.0734 3532 cbidf2k - ok
19:30:10.0781 3532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:30:10.0781 3532 CCDECODE - ok
19:30:10.0828 3532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:30:10.0828 3532 cd20xrnt - ok
19:30:10.0859 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:30:10.0859 3532 Cdaudio - ok
19:30:10.0875 3532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:30:10.0890 3532 Cdfs - ok
19:30:10.0937 3532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:30:10.0937 3532 Cdrom - ok
19:30:10.0953 3532 Changer - ok
19:30:11.0000 3532 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:30:11.0000 3532 CiSvc - ok
19:30:11.0046 3532 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:30:11.0046 3532 ClipSrv - ok
19:30:11.0156 3532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:11.0203 3532 clr_optimization_v2.0.50727_32 - ok
19:30:11.0250 3532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:30:11.0265 3532 CmdIde - ok
19:30:11.0265 3532 COMSysApp - ok
19:30:11.0296 3532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:30:11.0296 3532 Cpqarray - ok
19:30:11.0343 3532 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE
19:30:11.0343 3532 Creative Service for CDROM Access - ok
19:30:11.0390 3532 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:30:11.0390 3532 CryptSvc - ok
19:30:11.0453 3532 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
19:30:11.0453 3532 ctsfm2k - ok
19:30:11.0484 3532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:30:11.0500 3532 dac2w2k - ok
19:30:11.0515 3532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:30:11.0515 3532 dac960nt - ok
19:30:11.0578 3532 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:30:11.0593 3532 DcomLaunch - ok
19:30:11.0640 3532 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:30:11.0640 3532 Dhcp - ok
19:30:11.0687 3532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:30:11.0687 3532 Disk - ok
19:30:11.0703 3532 dmadmin - ok
19:30:11.0781 3532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:30:11.0812 3532 dmboot - ok
19:30:11.0828 3532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:30:11.0828 3532 dmio - ok
19:30:11.0843 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:30:11.0843 3532 dmload - ok
19:30:11.0890 3532 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:30:11.0890 3532 dmserver - ok
19:30:11.0906 3532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:30:11.0906 3532 DMusic - ok
19:30:11.0984 3532 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:30:11.0984 3532 Dnscache - ok
19:30:12.0015 3532 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:30:12.0031 3532 Dot3svc - ok
19:30:12.0062 3532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:30:12.0078 3532 dpti2o - ok
19:30:12.0093 3532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:30:12.0093 3532 drmkaud - ok
19:30:12.0156 3532 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
19:30:12.0156 3532 drvmcdb - ok
19:30:12.0187 3532 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
19:30:12.0187 3532 drvnddm - ok
19:30:12.0296 3532 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
19:30:12.0296 3532 DSBrokerService - ok
19:30:12.0328 3532 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:30:12.0328 3532 DSproct - ok
19:30:12.0359 3532 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
19:30:12.0359 3532 dsunidrv - ok
19:30:12.0390 3532 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:30:12.0406 3532 E100B - ok
19:30:12.0437 3532 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:30:12.0437 3532 EapHost - ok
19:30:12.0484 3532 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:30:12.0484 3532 ERSvc - ok
19:30:12.0546 3532 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:30:12.0562 3532 Eventlog - ok
19:30:12.0625 3532 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:30:12.0625 3532 EventSystem - ok
19:30:12.0671 3532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:30:12.0687 3532 Fastfat - ok
19:30:12.0734 3532 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:30:12.0734 3532 FastUserSwitchingCompatibility - ok
19:30:12.0796 3532 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
19:30:12.0812 3532 Fax - ok
19:30:12.0828 3532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:30:12.0828 3532 Fdc - ok
19:30:12.0843 3532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:30:12.0859 3532 Fips - ok
19:30:12.0890 3532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:30:12.0890 3532 Flpydisk - ok
19:30:12.0937 3532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:30:12.0937 3532 FltMgr - ok
19:30:13.0062 3532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:30:13.0078 3532 FontCache3.0.0.0 - ok
19:30:13.0109 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:30:13.0109 3532 Fs_Rec - ok
19:30:13.0125 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:30:13.0140 3532 Ftdisk - ok
19:30:13.0171 3532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:30:13.0171 3532 GEARAspiWDM - ok
19:30:13.0187 3532 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:30:13.0187 3532 giveio - ok
19:30:13.0218 3532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:30:13.0218 3532 Gpc - ok
19:30:13.0265 3532 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
19:30:13.0265 3532 GTNDIS5 - ok
19:30:13.0437 3532 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:30:13.0437 3532 gupdate - ok
19:30:13.0453 3532 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:30:13.0453 3532 gupdatem - ok
19:30:13.0484 3532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:30:13.0500 3532 HDAudBus - ok
19:30:13.0578 3532 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:30:13.0578 3532 helpsvc - ok
19:30:13.0625 3532 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:30:13.0640 3532 HidServ - ok
19:30:13.0687 3532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:30:13.0687 3532 HidUsb - ok
19:30:13.0734 3532 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:30:13.0734 3532 hkmsvc - ok
19:30:13.0765 3532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:30:13.0765 3532 hpn - ok
19:30:13.0828 3532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:30:13.0828 3532 HTTP - ok
19:30:13.0875 3532 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:30:13.0890 3532 HTTPFilter - ok
19:30:13.0906 3532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:30:13.0906 3532 i2omgmt - ok
19:30:13.0921 3532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:30:13.0921 3532 i2omp - ok
19:30:13.0937 3532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:30:13.0953 3532 i8042prt - ok
19:30:14.0031 3532 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:30:14.0062 3532 ialm - ok
19:30:14.0203 3532 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:30:14.0203 3532 IDriverT - ok
19:30:14.0312 3532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:30:14.0328 3532 idsvc - ok
19:30:14.0421 3532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:30:14.0421 3532 Imapi - ok
19:30:14.0468 3532 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:30:14.0484 3532 ImapiService - ok
19:30:14.0531 3532 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:30:14.0531 3532 ini910u - ok
19:30:14.0578 3532 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
19:30:14.0609 3532 IntelC51 - ok
19:30:14.0656 3532 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
19:30:14.0671 3532 IntelC52 - ok
19:30:14.0687 3532 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
19:30:14.0687 3532 IntelC53 - ok
19:30:14.0734 3532 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:30:14.0734 3532 IntelIde - ok
19:30:14.0796 3532 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:30:14.0796 3532 intelppm - ok
19:30:14.0921 3532 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:30:14.0921 3532 IntuitUpdateService - ok
19:30:14.0968 3532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:30:14.0968 3532 Ip6Fw - ok
19:30:15.0046 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:30:15.0046 3532 IpFilterDriver - ok
19:30:15.0078 3532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:30:15.0078 3532 IpInIp - ok
19:30:15.0125 3532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:30:15.0125 3532 IpNat - ok
19:30:15.0171 3532 iPod Service - ok
19:30:15.0234 3532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:30:15.0234 3532 IPSec - ok
19:30:15.0281 3532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:30:15.0281 3532 IRENUM - ok
19:30:15.0312 3532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:30:15.0312 3532 isapnp - ok
19:30:15.0437 3532 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
19:30:15.0437 3532 JavaQuickStarterService - ok
19:30:15.0593 3532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:30:15.0593 3532 Kbdclass - ok
19:30:15.0625 3532 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:30:15.0625 3532 kbdhid - ok
19:30:15.0687 3532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:30:15.0687 3532 kmixer - ok
19:30:15.0734 3532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:30:15.0734 3532 KSecDD - ok
19:30:15.0796 3532 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:30:15.0812 3532 lanmanserver - ok
19:30:15.0859 3532 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:30:15.0859 3532 lanmanworkstation - ok
19:30:15.0875 3532 lbrtfdc - ok
19:30:15.0937 3532 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:30:15.0937 3532 LmHosts - ok
19:30:15.0953 3532 lmimirr - ok
19:30:16.0078 3532 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:30:16.0078 3532 MDM - ok
19:30:16.0109 3532 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:30:16.0109 3532 Messenger - ok
19:30:16.0156 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:30:16.0156 3532 mnmdd - ok
19:30:16.0218 3532 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:30:16.0218 3532 mnmsrvc - ok
19:30:16.0265 3532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:30:16.0265 3532 Modem - ok
19:30:16.0296 3532 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:30:16.0296 3532 MODEMCSA - ok
19:30:16.0328 3532 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
19:30:16.0328 3532 mohfilt - ok
19:30:16.0375 3532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:30:16.0375 3532 Mouclass - ok
19:30:16.0421 3532 moufiltr (6ed1d87904edfbd26dfb31abf1040d92) C:\WINDOWS\system32\DRIVERS\moufiltr.sys
19:30:16.0437 3532 moufiltr - ok
19:30:16.0468 3532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:30:16.0468 3532 mouhid - ok
19:30:16.0515 3532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:30:16.0515 3532 MountMgr - ok
19:30:16.0562 3532 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:30:16.0562 3532 mraid35x - ok
19:30:16.0593 3532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:30:16.0593 3532 MRxDAV - ok
19:30:16.0656 3532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:30:16.0687 3532 MRxSmb - ok
19:30:16.0812 3532 MSCamSvc (af661f9eaf65c024ee85ac531fdad9fa) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:30:16.0812 3532 MSCamSvc - ok
19:30:16.0859 3532 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:30:16.0859 3532 MSDTC - ok
19:30:16.0906 3532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:30:16.0906 3532 Msfs - ok
19:30:16.0921 3532 MSIServer - ok
19:30:16.0968 3532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:30:16.0968 3532 MSKSSRV - ok
19:30:17.0015 3532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:30:17.0015 3532 MSPCLOCK - ok
19:30:17.0046 3532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:30:17.0062 3532 MSPQM - ok
19:30:17.0109 3532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:30:17.0109 3532 mssmbios - ok
19:30:17.0140 3532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:30:17.0140 3532 MSTEE - ok
19:30:17.0187 3532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:30:17.0187 3532 Mup - ok
19:30:17.0234 3532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:30:17.0234 3532 NABTSFEC - ok
19:30:17.0281 3532 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:30:17.0281 3532 napagent - ok
19:30:17.0328 3532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:30:17.0328 3532 NDIS - ok
19:30:17.0390 3532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:30:17.0390 3532 NdisIP - ok
19:30:17.0437 3532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:30:17.0437 3532 NdisTapi - ok
19:30:17.0484 3532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:30:17.0484 3532 Ndisuio - ok
19:30:17.0546 3532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:30:17.0546 3532 NdisWan - ok
19:30:17.0562 3532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:30:17.0562 3532 NDProxy - ok
19:30:17.0609 3532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:30:17.0625 3532 NetBIOS - ok
19:30:17.0640 3532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:30:17.0640 3532 NetBT - ok
19:30:17.0703 3532 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:30:17.0703 3532 NetDDE - ok
19:30:17.0703 3532 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:30:17.0718 3532 NetDDEdsdm - ok
19:30:17.0734 3532 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:30:17.0750 3532 Netlogon - ok
19:30:17.0781 3532 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:30:17.0796 3532 Netman - ok
19:30:18.0000 3532 NetSvc (b9b53a8328ed38170bda39638cc4b67a) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
19:30:18.0015 3532 NetSvc - ok
19:30:18.0140 3532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:30:18.0140 3532 NetTcpPortSharing - ok
19:30:18.0234 3532 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:30:18.0234 3532 Nla - ok
19:30:18.0296 3532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:30:18.0296 3532 Npfs - ok
19:30:18.0359 3532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:30:18.0375 3532 Ntfs - ok
19:30:18.0437 3532 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:30:18.0453 3532 NtLmSsp - ok
19:30:18.0500 3532 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:30:18.0500 3532 NtmsSvc - ok
19:30:18.0578 3532 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:30:18.0593 3532 NuidFltr - ok
19:30:18.0625 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:30:18.0625 3532 Null - ok
19:30:18.0953 3532 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:30:19.0218 3532 nv - ok
19:30:19.0250 3532 NVSvc (472a00d2183c9e5edb3e076272741812) C:\WINDOWS\system32\nvsvc32.exe
19:30:19.0265 3532 NVSvc - ok
19:30:19.0296 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:30:19.0296 3532 NwlnkFlt - ok
19:30:19.0328 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:30:19.0328 3532 NwlnkFwd - ok
19:30:19.0375 3532 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:30:19.0375 3532 NwlnkIpx - ok
19:30:19.0390 3532 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:30:19.0390 3532 NwlnkNb - ok
19:30:19.0421 3532 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:30:19.0421 3532 NwlnkSpx - ok
19:30:19.0484 3532 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
19:30:19.0484 3532 NwSapAgent - ok
19:30:19.0562 3532 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:19.0562 3532 ose - ok
19:30:19.0625 3532 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:30:19.0625 3532 ossrv - ok
19:30:19.0671 3532 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
19:30:19.0718 3532 P17 - ok
19:30:19.0781 3532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:30:19.0796 3532 Parport - ok
19:30:19.0843 3532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:30:19.0843 3532 PartMgr - ok
19:30:19.0875 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:30:19.0875 3532 ParVdm - ok
19:30:19.0906 3532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:30:19.0906 3532 PCI - ok
19:30:19.0937 3532 PCIDump - ok
19:30:19.0953 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:30:19.0953 3532 PCIIde - ok
19:30:20.0015 3532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:30:20.0015 3532 Pcmcia - ok
19:30:20.0031 3532 PDCOMP - ok
19:30:20.0046 3532 PDFRAME - ok
19:30:20.0062 3532 PDRELI - ok
19:30:20.0078 3532 PDRFRAME - ok
19:30:20.0125 3532 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:30:20.0125 3532 perc2 - ok
19:30:20.0171 3532 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:30:20.0171 3532 perc2hib - ok
19:30:20.0234 3532 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:30:20.0234 3532 PlugPlay - ok
19:30:20.0281 3532 PnkBstrA (a9d6b1e7ef097c7f3b5dc4f56c0e7386) C:\WINDOWS\system32\PnkBstrA.exe
19:30:20.0296 3532 PnkBstrA - ok
19:30:20.0312 3532 PnkBstrB (5999d35f209ede2f618252165f3a3e55) C:\WINDOWS\system32\PnkBstrB.exe
19:30:20.0312 3532 PnkBstrB - ok
19:30:20.0359 3532 PnkBstrK (b1022a36863b5cd65eb6b41d32308df7) C:\WINDOWS\system32\drivers\PnkBstrK.sys
19:30:20.0359 3532 PnkBstrK - ok
19:30:20.0406 3532 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:30:20.0406 3532 PolicyAgent - ok
19:30:20.0453 3532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:30:20.0453 3532 PptpMiniport - ok
19:30:20.0468 3532 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:30:20.0468 3532 ProtectedStorage - ok
19:30:20.0500 3532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:30:20.0515 3532 PSched - ok
19:30:20.0546 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:30:20.0546 3532 Ptilink - ok
19:30:20.0593 3532 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:30:20.0609 3532 PxHelp20 - ok
19:30:20.0656 3532 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:30:20.0656 3532 ql1080 - ok
19:30:20.0671 3532 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:30:20.0671 3532 Ql10wnt - ok
19:30:20.0703 3532 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:30:20.0703 3532 ql12160 - ok
19:30:20.0718 3532 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:30:20.0718 3532 ql1240 - ok
19:30:20.0750 3532 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:30:20.0750 3532 ql1280 - ok
19:30:20.0796 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:30:20.0796 3532 RasAcd - ok
19:30:20.0843 3532 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:30:20.0859 3532 RasAuto - ok
19:30:20.0906 3532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:30:20.0906 3532 Rasl2tp - ok
19:30:21.0062 3532 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:30:21.0062 3532 RasMan - ok
19:30:21.0125 3532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:30:21.0125 3532 RasPppoe - ok
19:30:21.0156 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:30:21.0171 3532 Raspti - ok
19:30:21.0187 3532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:30:21.0203 3532 Rdbss - ok
19:30:21.0218 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:30:21.0218 3532 RDPCDD - ok
19:30:21.0265 3532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:30:21.0281 3532 rdpdr - ok
19:30:21.0343 3532 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:30:21.0343 3532 RDPWD - ok
19:30:21.0406 3532 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:30:21.0406 3532 RDSessMgr - ok
19:30:21.0453 3532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:30:21.0453 3532 redbook - ok
19:30:21.0500 3532 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:30:21.0515 3532 RemoteAccess - ok
19:30:21.0546 3532 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:30:21.0546 3532 RemoteRegistry - ok
19:30:21.0593 3532 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
19:30:21.0593 3532 Revoflt - ok
19:30:21.0640 3532 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:30:21.0640 3532 RpcLocator - ok
19:30:21.0718 3532 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:30:21.0718 3532 RpcSs - ok
19:30:21.0765 3532 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:30:21.0765 3532 RSVP - ok
19:30:21.0828 3532 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
19:30:21.0828 3532 RT73 - ok
19:30:21.0859 3532 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:30:21.0859 3532 SamSs - ok
19:30:21.0984 3532 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:30:22.0000 3532 SASDIFSV - ok
19:30:22.0015 3532 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:30:22.0015 3532 SASKUTIL - ok
19:30:22.0062 3532 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:30:22.0062 3532 SCardSvr - ok
19:30:22.0109 3532 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:30:22.0125 3532 Schedule - ok
19:30:22.0171 3532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:30:22.0187 3532 Secdrv - ok
19:30:22.0218 3532 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:30:22.0218 3532 seclogon - ok
19:30:22.0265 3532 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:30:22.0265 3532 SENS - ok
19:30:22.0312 3532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:30:22.0312 3532 serenum - ok
19:30:22.0343 3532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:30:22.0343 3532 Serial - ok
19:30:22.0406 3532 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys
19:30:22.0421 3532 sfdrv01 - ok
19:30:22.0437 3532 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys
19:30:22.0437 3532 sfhlp02 - ok
19:30:22.0453 3532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:30:22.0453 3532 Sfloppy - ok
19:30:22.0468 3532 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
19:30:22.0468 3532 sfvfs02 - ok
19:30:22.0531 3532 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:30:22.0531 3532 SharedAccess - ok
19:30:22.0578 3532 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:30:22.0578 3532 ShellHWDetection - ok
19:30:22.0593 3532 Simbad - ok
19:30:22.0656 3532 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:30:22.0656 3532 sisagp - ok
19:30:22.0703 3532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:30:22.0703 3532 SLIP - ok
19:30:22.0750 3532 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:30:22.0750 3532 Sparrow - ok
19:30:22.0828 3532 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
19:30:22.0828 3532 speedfan - ok
19:30:22.0890 3532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:30:22.0890 3532 splitter - ok
19:30:22.0937 3532 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:30:22.0953 3532 Spooler - ok
19:30:23.0046 3532 sprtsvc_dellsupportcenter - ok
19:30:23.0078 3532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:30:23.0078 3532 sr - ok
19:30:23.0125 3532 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:30:23.0125 3532 srservice - ok
19:30:23.0156 3532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:30:23.0171 3532 Srv - ok
19:30:23.0187 3532 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:30:23.0187 3532 sscdbhk5 - ok
19:30:23.0218 3532 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:30:23.0218 3532 SSDPSRV - ok
19:30:23.0234 3532 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
19:30:23.0234 3532 ssrtln - ok
19:30:23.0312 3532 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
19:30:23.0375 3532 STHDA - ok
19:30:23.0484 3532 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:30:23.0500 3532 stisvc - ok
19:30:23.0546 3532 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:30:23.0546 3532 streamip - ok
19:30:23.0578 3532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:30:23.0578 3532 swenum - ok
19:30:23.0593 3532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:30:23.0593 3532 swmidi - ok
19:30:23.0609 3532 SwPrv - ok
19:30:23.0671 3532 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:30:23.0671 3532 symc810 - ok
19:30:23.0687 3532 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:30:23.0687 3532 symc8xx - ok
19:30:23.0703 3532 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:30:23.0718 3532 sym_hi - ok
19:30:23.0734 3532 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:30:23.0734 3532 sym_u3 - ok
19:30:23.0765 3532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:30:23.0765 3532 sysaudio - ok
19:30:23.0812 3532 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:30:23.0828 3532 SysmonLog - ok
19:30:23.0875 3532 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:30:23.0875 3532 TapiSrv - ok
19:30:24.0000 3532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:30:24.0046 3532 Tcpip - ok
19:30:24.0375 3532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:30:24.0375 3532 TDPIPE - ok
19:30:24.0406 3532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:30:24.0406 3532 TDTCP - ok
19:30:24.0437 3532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:30:24.0437 3532 TermDD - ok
19:30:24.0484 3532 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:30:24.0500 3532 TermService - ok
19:30:24.0578 3532 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
19:30:24.0578 3532 tfsnboio - ok
19:30:24.0593 3532 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
19:30:24.0609 3532 tfsncofs - ok
19:30:24.0625 3532 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
19:30:24.0625 3532 tfsndrct - ok
19:30:24.0656 3532 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
19:30:24.0656 3532 tfsndres - ok
19:30:24.0687 3532 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
19:30:24.0687 3532 tfsnifs - ok
19:30:24.0703 3532 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
19:30:24.0703 3532 tfsnopio - ok
19:30:24.0718 3532 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
19:30:24.0718 3532 tfsnpool - ok
19:30:24.0750 3532 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
19:30:24.0750 3532 tfsnudf - ok
19:30:24.0765 3532 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:30:24.0765 3532 tfsnudfa - ok
19:30:24.0812 3532 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:30:24.0828 3532 Themes - ok
19:30:24.0859 3532 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:30:24.0875 3532 TlntSvr - ok
19:30:24.0921 3532 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:30:24.0937 3532 TosIde - ok
19:30:25.0000 3532 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:30:25.0000 3532 TrkWks - ok
19:30:25.0062 3532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:30:25.0062 3532 Udfs - ok
19:30:25.0093 3532 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:30:25.0109 3532 ultra - ok
19:30:25.0171 3532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:30:25.0171 3532 Update - ok
19:30:25.0218 3532 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:30:25.0218 3532 upnphost - ok
19:30:25.0250 3532 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:30:25.0250 3532 UPS - ok
19:30:25.0312 3532 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:30:25.0312 3532 USBAAPL - ok
19:30:25.0359 3532 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:30:25.0359 3532 usbaudio - ok
19:30:25.0375 3532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:30:25.0375 3532 usbccgp - ok
19:30:25.0421 3532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:30:25.0421 3532 usbehci - ok
19:30:25.0453 3532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:30:25.0453 3532 usbhub - ok
19:30:25.0468 3532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:30:25.0468 3532 usbprint - ok
19:30:25.0500 3532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:30:25.0500 3532 usbscan - ok
19:30:25.0531 3532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:30:25.0531 3532 USBSTOR - ok
19:30:25.0562 3532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:30:25.0562 3532 usbuhci - ok
19:30:25.0625 3532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:30:25.0625 3532 VgaSave - ok
19:30:25.0671 3532 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:30:25.0671 3532 viaagp - ok
19:30:25.0703 3532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:30:25.0703 3532 ViaIde - ok
19:30:25.0734 3532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:30:25.0734 3532 VolSnap - ok
19:30:25.0781 3532 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:30:25.0796 3532 VSS - ok
19:30:25.0890 3532 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
19:30:25.0953 3532 VX6000 - ok
19:30:26.0000 3532 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:30:26.0000 3532 w32time - ok
19:30:26.0062 3532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:30:26.0062 3532 Wanarp - ok
19:30:26.0093 3532 wanatw - ok
19:30:26.0187 3532 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:30:26.0187 3532 Wdf01000 - ok
19:30:26.0203 3532 WDICA - ok
19:30:26.0234 3532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:30:26.0234 3532 wdmaud - ok
19:30:26.0296 3532 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:30:26.0296 3532 WebClient - ok
19:30:26.0421 3532 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
19:30:26.0421 3532 WinDefend - ok
19:30:26.0515 3532 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:30:26.0515 3532 winmgmt - ok
19:30:26.0609 3532 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
19:30:26.0609 3532 WMDM PMSP Service - ok
19:30:26.0671 3532 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:30:26.0671 3532 WmdmPmSN - ok
19:30:26.0750 3532 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:30:26.0796 3532 Wmi - ok
19:30:26.0828 3532 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:30:26.0828 3532 WmiApSrv - ok
19:30:27.0000 3532 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:30:27.0015 3532 WMPNetworkSvc - ok
19:30:27.0046 3532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:30:27.0046 3532 WS2IFSL - ok
19:30:27.0109 3532 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:30:27.0125 3532 wscsvc - ok
19:30:27.0203 3532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:30:27.0203 3532 WSTCODEC - ok
19:30:27.0265 3532 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:30:27.0296 3532 wuauserv - ok
19:30:27.0375 3532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:30:27.0375 3532 WudfPf - ok
19:30:27.0437 3532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:30:27.0437 3532 WudfRd - ok
19:30:27.0500 3532 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:30:27.0515 3532 WudfSvc - ok
19:30:27.0640 3532 WUSB54GCSVC (ccfdecd6060ea8eb0f8466782a97ff21) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
19:30:27.0640 3532 WUSB54GCSVC - ok
19:30:27.0703 3532 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:30:27.0718 3532 WZCSVC - ok
19:30:27.0765 3532 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:30:27.0875 3532 xmlprov - ok
19:30:27.0921 3532 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
19:30:27.0953 3532 \Device\Harddisk0\DR0 - ok
19:30:27.0984 3532 Boot (0x1200) (ff9f1f24c12a5dc6e0920cded650c8cc) \Device\Harddisk0\DR0\Partition0
19:30:27.0984 3532 \Device\Harddisk0\DR0\Partition0 - ok
19:30:27.0984 3532 ============================================================
19:30:27.0984 3532 Scan finished
19:30:27.0984 3532 ============================================================
19:30:27.0984 1796 Detected object count: 0
19:30:27.0984 1796 Actual detected object count: 0

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 AM

Posted 22 April 2012 - 01:21 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



