
Which file is bad?


  • This topic is locked
52 replies to this topic

#1 branch

branch

  • Members
  • 51 posts
  • Gender:Male

Posted 02 May 2012 - 07:35 PM

I need to separate the good applications from the bad within my log file on HijackThis.com. How do you sort through this data to find the trojans and adware located within my files? How do you check for authenticity and registered addresses to narrow down this check list? HELP PLEASE! I cannot use my SYSTEM RESTORE OR SEARCH in Windows. I have USB connectivity issues in iTunes, and download problems such as installing Adobe Flash Player. I had problems with AVG (kmzmybj.dll....application missing with secure search), but the problem was fixed with Malware Bytes.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 May 2012 - 08:21 PM

Hello, you will need to post the HJT log here.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 May 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.


===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#4 branch

branch
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male

Posted 14 May 2012 - 12:40 AM

Thank you for responding, and sorry for the delay. Your response and those of other members are greatly appreciated. Please note, my computer was cleaned a month ago. The technician installed 2012 AVG, but I'm displeased with some of its features. Any anti-virus program that wants to control my browser settings is annoying. I eliminated the toolbar, but had problems with the AVG secure search feature. The first problem, the kmzkybj.dll error, was encountered and fixed using Malware Bytes. That still does not resolve other issues with my registry. The technician suggested HIJACK THIS, but I still need instruction. I pick up things fast, but I've never used this program. Below, I copied and pasted the DDS attachments requested for review. I will wait patiently for your reply.


.
µTorrent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Bonjour
CDBurnerXP
Conexant D110 MDC V.92 Modem
Intel® Graphics Media Accelerator Driver for Mobile
iTunes
Java Auto Updater
Java SE Development Kit 7 Update 4
Java™ 6 Update 24
Java™ 6 Update 30
Java™ 6 Update 31
Java™ 7 Update 4
JavaFX 2.1.0
JavaFX 2.1.0 SDK
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 11.0 (x86 en-US)
MSN
Net's Bundle
NETGEAR WNA1100 N150 Wireless USB Adapter
OpenOffice.org 3.3
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Update for Windows Internet Explorer 8 (KB2598845)
uTorrentControl2 Toolbar
VLC media player 1.1.11
WebFldrs XP
Windows Internet Explorer 8
.
==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by User at 0:14:40 on 2012-05-14
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/chrome/eula.html?hl=en&brand=CHFX&utm_campaign=en&utm_source=en-oa-na-us-bk-bng&utm_medium=oa&installdataindex=homepagepromo
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>] A
mRun: [New Value #1]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw"&"inst=NzctMTI0NTk5NjA3MS1TVDEyRkFQUCsxLUREVCswLUVVTEErMQ"&"prod=55"&"ver=2012.0.1809"&"mid=15c2d5dabb8747d0904fd15d643bfac2-2404027c94af33b94b09ca06f24ae5ce12944c59
dRun: [Update] rundll32.exe "c:\documents and settings\user\application data\avg secure search\avg secure search\kmzkybj.dll",DllRegisterServer
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10E16838-973F-4365-A5D8-E0EB36738941} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\ingmq1zu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bec0ca9c7-047e-4bdd-b04d-f402239733b2%7D&mid=15c2d5dabb8747d0904fd15d643bfac2-2404027c94af33b94b09ca06f24ae5ce12944c59&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-30%2015%3A13%3A32&sap=ku&q=
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R? jswpsapi;JumpStart Wi-Fi Protected Setup
R? MBAMSwissArmy;MBAMSwissArmy
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AR9271;Atheros AR9271 Wireless Network Adapter Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? JSWSCIMD;jswscimd Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? vToolbarUpdater10.2.0;vToolbarUpdater10.2.0
S? WSWNA1100;WSWNA1100
.
=============== Created Last 30 ================
.
2012-05-12 05:29:47 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-05-10 19:43:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-01 20:22:20 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-05-01 20:18:22 -------- d-----w- c:\documents and settings\user\application data\OpenOffice.org
2012-05-01 08:26:01 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-05-01 08:25:51 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-05-01 08:25:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-01 08:25:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 08:25:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 20:17:02 -------- d-----w- c:\program files\ASK.COM
2012-04-30 20:13:33 -------- d-----w- c:\documents and settings\user\application data\AVG Secure Search
2012-04-30 20:13:26 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-30 20:13:22 -------- d-----w- c:\program files\AVG Secure Search
2012-04-30 20:10:54 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-30 20:09:57 -------- d-----w- c:\program files\AVG
2012-04-29 21:29:32 -------- d-----w- c:\program files\Oracle
2012-04-29 21:28:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 21:28:11 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-29 20:55:29 -------- d-----w- c:\program files\FrostWire
2012-04-27 23:08:36 -------- d-----w- c:\documents and settings\user\local settings\application data\Google
2012-04-27 23:08:36 -------- d-----w- c:\documents and settings\user\local settings\application data\CRE
2012-04-27 23:08:26 -------- d-----w- c:\documents and settings\user\local settings\application data\uTorrentControl2
2012-04-27 23:08:24 -------- d-----w- c:\program files\uTorrentControl2
2012-04-27 22:27:23 -------- d-----w- c:\documents and settings\user\application data\Curiolab
2012-04-27 04:14:28 -------- d-----w- c:\windows\pss
2012-04-26 03:32:24 -------- d-----w- c:\documents and settings\user\application data\PC Cleaners
2012-04-26 03:32:18 -------- d-----w- c:\documents and settings\user\application data\PCPro
2012-04-26 03:32:16 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-04-22 09:11:19 0 ----a-w- c:\windows\system32\REN58.tmp
2012-04-22 09:11:19 0 ----a-w- c:\windows\system32\REN57.tmp
2012-04-22 09:11:19 0 ----a-w- c:\windows\system32\REN56.tmp
2012-04-22 08:52:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Mozilla
2012-04-22 06:24:15 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2012-04-22 06:11:25 -------- d-----w- c:\documents and settings\user\application data\SpeedyPC Software
2012-04-22 06:11:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-04-20 13:15:01 -------- d-----w- c:\documents and settings\user\application data\DriverCure
2012-04-20 13:14:58 -------- d-----w- c:\documents and settings\user\application data\ParetoLogic
2012-04-20 13:14:23 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-04-20 12:59:45 -------- d-----w- c:\windows\system32\NtmsData
2012-04-20 10:40:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-20 10:40:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-20 03:56:32 -------- d-----w- c:\documents and settings\user\application data\uTorrent(3)
2012-04-19 22:46:57 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-04-19 22:46:57 75776 ------w- c:\windows\system32\strmfilt.dll
2012-04-19 22:46:57 265728 -c----w- c:\windows\system32\dllcache\http.sys
2012-04-19 22:46:57 265728 ------w- c:\windows\system32\drivers\http.sys
2012-04-19 22:46:57 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-04-19 22:46:57 25088 ------w- c:\windows\system32\httpapi.dll
2012-04-19 09:26:06 -------- d-----w- c:\documents and settings\user\application data\AVG
2012-04-16 03:06:09 -------- d-----w- c:\documents and settings\user\application data\uTorrent(2)
2012-04-15 09:06:27 -------- d-----w- c:\program files\common files\Java(2)
2012-04-15 04:38:27 -------- d-----w- c:\documents and settings\user\local settings\application data\Conduit
2012-04-14 23:43:20 -------- d-----w- c:\windows\system32\cache
2012-04-14 09:58:53 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2012-04-14 09:57:25 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2012-04-14 09:47:54 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-04-14 09:37:39 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-04-14 09:36:34 -------- d-----w- c:\windows\ie8updates
2012-04-14 09:36:04 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-04-14 09:35:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-04-14 09:35:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-04-14 09:32:27 -------- dc-h--w- c:\windows\ie8
2012-04-14 08:58:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-04-14 08:41:34 -------- d-----w- c:\documents and settings\user\application data\MSNInstaller
.
==================== Find3M ====================
.
2012-04-13 15:11:07 715038 ----a-w- c:\windows\unins000.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 0:15:48.51 ===============
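The first post asks how to sort a list like the Pseudo HJT Report above into good and bad entries. The following is an added example, not code from this thread, from DDS or from HijackThis: a small parser for the report's autorun (uRun/mRun/dRun, RunOnce) and browser-extension (BHO, TB, URLSearchHooks) lines, with a few defender-side heuristics of the kind a log reader applies by eye. The sample lines are constructed from the log above, the directory list and reason texts are my own assumptions, and a finding is a prompt to verify the file, not a verdict.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from the BleepingComputer thread, DDS or HijackThis.
It parses the autorun and browser-extension lines and applies defender-side
heuristics; the sample below is constructed from lines of the log above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the DDS report format.
SAMPLE = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>] A
mRun: [New Value #1]
dRun: [Update] rundll32.exe "c:\documents and settings\user\application data\avg secure search\avg secure search\kmzkybj.dll",DllRegisterServer
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
"""

AUTORUN_KINDS = {"uRun", "mRun", "dRun", "uRunOnce", "mRunOnce", "dRunOnce"}
EXTENSION_KINDS = {"BHO", "TB", "uURLSearchHooks", "mURLSearchHooks"}

# Assumed list: profile directories an unprivileged user can write to on XP.
# Code that autoruns from here needed no installer privileges, so it gets a look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Host programs that execute a DLL named on their command line.
LOADER_EXES = ("rundll32", "regsvr32")

REASONS = {
    "orphaned": "registration points at a file that no longer exists",
    "empty": "autorun value has no command (leftover or incomplete install)",
    "not-a-path": "autorun value is neither a file path nor a known host program",
    "user-writable-loader": "host program loads a DLL from a user-writable profile directory",
    "user-writable": "target lives in a user-writable profile directory",
}


@dataclass
class Entry:
    kind: str     # e.g. "BHO", "mRun"
    name: str     # display name, or the CLSID when the line has no name
    target: str   # file path or full command line


@dataclass
class Finding:
    entry: Entry
    code: str

    @property
    def reason(self) -> str:
        return REASONS[self.code]


_RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_EXT_RE = re.compile(
    r"^(?P<kind>BHO|TB|[um]URLSearchHooks): (?:(?P<name>.*?): )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)


def parse_report(text: str) -> list[Entry]:
    """Turn report lines into Entry records; lines of other kinds are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _RUN_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["cmd"].strip()))
        elif m := _EXT_RE.match(line):
            entries.append(Entry(m["kind"], m["name"] or m["clsid"], m["path"].strip()))
    return entries


def classify(entry: Entry) -> str | None:
    """Return a finding code for a suspicious entry, or None if nothing stands out."""
    target = entry.target.lower()
    in_profile = any(d in target for d in USER_WRITABLE)
    if entry.kind in EXTENSION_KINDS and target == "no file":
        return "orphaned"
    if entry.kind in AUTORUN_KINDS:
        if not target:
            return "empty"
        if in_profile and target.startswith(LOADER_EXES):
            return "user-writable-loader"
        if "\\" not in target and not target.startswith(LOADER_EXES):
            return "not-a-path"
    return "user-writable" if in_profile else None


def triage(entries: list[Entry]) -> list[Finding]:
    """Keep only the entries that earned a finding code."""
    return [Finding(e, code) for e in entries if (code := classify(e))]


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE)):
        print(f"{f.entry.kind:<8} [{f.entry.name}] {f.reason}")
```

Run against the sample, the script reports the orphaned BHO, the two malformed mRun values and the dRun entry that loads a DLL out of the user's profile, and stays quiet about the vendor entries under Program Files and the nLite RunOnce lines; the remaining step, checking the flagged file's publisher and hash, is what the helpers in this thread do before deciding on a fix.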

#5 branch

branch
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male

Posted 14 May 2012 - 12:49 AM

This is the additional information from the checkup.txt requested. Again, thank you for the input.



Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.0
JavaFX 2.1.0 SDK
Java™ 6 Update 24
Java™ 6 Update 30
Java™ 6 Update 31
Java™ 7 Update 4
Java SE Development Kit 7 Update 4
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
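nasdaq's point that out-of-date third-party programs are an open door is visible in the checkup.txt above: four JRE builds sit side by side, and the DDS log lists a DPF entry for each of them. As an added example (not code from this thread or from screen317's Security Check), here is a parser for that product listing that reports every Java install superseded by a newer one of the same family. The sample is constructed from the lines above and the one-product-per-line layout is an assumption about the tool's output.

```python
"""Spot superseded Java installs in a Security Check (checkup.txt) listing.

Added example, not code from the thread or from screen317's Security Check.
Assumes the tool prints one product per line as seen above; the sample below
is constructed from those lines.
"""
from __future__ import annotations

import re

# Constructed sample in the layout of the checkup.txt above.
CHECKUP_SAMPLE = """\
Anti-malware/Other Utilities Check:

JavaFX 2.1.0
JavaFX 2.1.0 SDK
Java(TM) 6 Update 24
Java(TM) 6 Update 30
Java(TM) 6 Update 31
Java(TM) 7 Update 4
Java SE Development Kit 7 Update 4
Mozilla Firefox (11.0.)
"""

# Matches the JRE line in either spelling ("Java(TM) 6 Update 24" or
# "Java\u2122 6 Update 24") and the JDK line ("Java SE Development Kit 7 Update 4").
_JAVA_RE = re.compile(
    r"^(?P<product>Java SE Development Kit|Java(?:\(TM\)|\u2122)?)\s+"
    r"(?P<major>\d+)\s+Update\s+(?P<update>\d+)\s*$"
)


def java_entries(text: str) -> list[tuple[str, str, tuple[int, int]]]:
    """Return (line, family, (major, update)) for every Java line in the listing."""
    found: list[tuple[str, str, tuple[int, int]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _JAVA_RE.match(line):
            family = "JDK" if m["product"].startswith("Java SE") else "JRE"
            found.append((line, family, (int(m["major"]), int(m["update"]))))
    return found


def superseded_java(text: str) -> list[str]:
    """Lines for Java installs older than another install of the same family.

    Tuples compare lexicographically, so (6, 31) < (7, 4): an older major line
    counts as superseded once a newer major is present, not only older updates
    of the same major.
    """
    entries = java_entries(text)
    newest: dict[str, tuple[int, int]] = {}
    for _, family, ver in entries:
        newest[family] = max(newest.get(family, ver), ver)
    return [line for line, family, ver in entries if ver < newest[family]]


if __name__ == "__main__":
    for line in superseded_java(CHECKUP_SAMPLE):
        print("superseded, still installed:", line)
```

On the sample this lists the three Java 6 builds and leaves Java 7 Update 4 and the JDK alone; the same loop over the "Anti-malware/Other Utilities" block of a real checkup.txt gives the cleanup list a helper would otherwise assemble by hand.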

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 May 2012 - 08:15 AM

We need to check further.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 branch

branch
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male

Posted 16 May 2012 - 12:05 AM

This is the report from TDSSKiller. Before I downloaded the AVAST, I wanted to know if conflicting problems are going to happen with Malware Bytes, AVG, and now Kaspersky's TDSSKiller running simultaneously. Thank you.



23:30:56.0015 5112 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:30:56.0437 5112 ============================================================
23:30:56.0437 5112 Current date / time: 2012/05/15 23:30:56.0437
23:30:56.0437 5112 SystemInfo:
23:30:56.0437 5112
23:30:56.0453 5112 OS Version: 5.1.2600 ServicePack: 3.0
23:30:56.0453 5112 Product type: Workstation
23:30:56.0453 5112 ComputerName: OWNER-702859C76
23:30:56.0453 5112 UserName: User
23:30:56.0453 5112 Windows directory: C:\WINDOWS
23:30:56.0453 5112 System windows directory: C:\WINDOWS
23:30:56.0453 5112 Processor architecture: Intel x86
23:30:56.0453 5112 Number of processors: 1
23:30:56.0453 5112 Page size: 0x1000
23:30:56.0453 5112 Boot type: Normal boot
23:30:56.0453 5112 ============================================================
23:31:00.0781 5112 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:31:00.0781 5112 ============================================================
23:31:00.0781 5112 \Device\Harddisk0\DR0:
23:31:00.0781 5112 MBR partitions:
23:31:00.0781 5112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
23:31:00.0781 5112 ============================================================
23:31:00.0781 5112 C: <-> \Device\Harddisk0\DR0\Partition0
23:31:00.0781 5112 ============================================================
23:31:00.0781 5112 Initialize success
23:31:00.0781 5112 ============================================================
23:31:07.0343 3340 ============================================================
23:31:07.0343 3340 Scan started
23:31:07.0343 3340 Mode: Manual;
23:31:07.0343 3340 ============================================================
23:31:07.0953 3340 Abiosdsk - ok
23:31:07.0968 3340 abp480n5 - ok
23:31:08.0046 3340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:31:08.0046 3340 ACPI - ok
23:31:08.0109 3340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:31:08.0109 3340 ACPIEC - ok
23:31:08.0203 3340 ACS (4acf9052a6355d1530cf782e0919c5b4) C:\WINDOWS\system32\acs.exe
23:31:08.0218 3340 ACS - ok
23:31:08.0234 3340 adpu160m - ok
23:31:08.0312 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:31:08.0328 3340 aec - ok
23:31:08.0421 3340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:31:08.0421 3340 AFD - ok
23:31:08.0437 3340 Aha154x - ok
23:31:08.0453 3340 aic78u2 - ok
23:31:08.0468 3340 aic78xx - ok
23:31:08.0484 3340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:31:08.0484 3340 Alerter - ok
23:31:08.0531 3340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:31:08.0531 3340 ALG - ok
23:31:08.0531 3340 AliIde - ok
23:31:08.0546 3340 amsint - ok
23:31:08.0718 3340 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:31:08.0718 3340 Apple Mobile Device - ok
23:31:08.0765 3340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:31:08.0781 3340 AppMgmt - ok
23:31:08.0984 3340 AR9271 (3bc98a53c0abe3feb3b2b9b3bd9e7aa5) C:\WINDOWS\system32\DRIVERS\athuw.sys
23:31:09.0062 3340 AR9271 - ok
23:31:09.0203 3340 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:31:09.0203 3340 Arp1394 - ok
23:31:09.0218 3340 asc - ok
23:31:09.0218 3340 asc3350p - ok
23:31:09.0234 3340 asc3550 - ok
23:31:09.0375 3340 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:31:09.0421 3340 aspnet_state - ok
23:31:09.0484 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:31:09.0484 3340 AsyncMac - ok
23:31:09.0546 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:31:09.0546 3340 atapi - ok
23:31:09.0546 3340 Atdisk - ok
23:31:09.0609 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:31:09.0625 3340 Atmarpc - ok
23:31:09.0656 3340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:31:09.0656 3340 AudioSrv - ok
23:31:09.0718 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:31:09.0718 3340 audstub - ok
23:31:10.0390 3340 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
23:31:10.0546 3340 AVGIDSAgent - ok
23:31:10.0718 3340 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
23:31:10.0718 3340 AVGIDSDriver - ok
23:31:10.0750 3340 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23:31:10.0750 3340 AVGIDSEH - ok
23:31:10.0765 3340 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
23:31:10.0765 3340 AVGIDSFilter - ok
23:31:10.0843 3340 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
23:31:10.0843 3340 AVGIDSShim - ok
23:31:10.0890 3340 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:31:10.0890 3340 Avgldx86 - ok
23:31:10.0921 3340 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:31:10.0937 3340 Avgmfx86 - ok
23:31:10.0953 3340 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:31:10.0953 3340 Avgrkx86 - ok
23:31:11.0000 3340 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:31:11.0031 3340 Avgtdix - ok
23:31:11.0218 3340 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
23:31:11.0234 3340 avgwd - ok
23:31:11.0296 3340 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:31:11.0296 3340 bcm4sbxp - ok
23:31:11.0375 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:31:11.0375 3340 Beep - ok
23:31:11.0468 3340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:31:11.0484 3340 BITS - ok
23:31:25.0078 3340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:31:25.0359 3340 \Device\Harddisk0\DR0 - ok
23:31:25.0359 3340 Boot (0x1200) (d140f7f2b986b427f92c4f53ebd47398) \Device\Harddisk0\DR0\Partition0
23:31:25.0359 3340 \Device\Harddisk0\DR0\Partition0 - ok
23:31:25.0375 3340 ============================================================
23:31:25.0375 3340 Scan finished
23:31:25.0375 3340 ============================================================
23:31:25.0390 2192 Detected object count: 0
23:31:25.0390 2192 Actual detected object count: 0
23:32:20.0906 5952 ============================================================
23:32:20.0906 5952 Scan started
23:32:20.0906 5952 Mode: Manual; SigCheck; TDLFS;
23:32:20.0906 5952 ============================================================
23:32:24.0546 5952 ACS (4acf9052a6355d1530cf782e0919c5b4) C:\WINDOWS\system32\acs.exe
23:32:24.0609 5952 ACS ( UnsignedFile.Multi.Generic ) - warning
23:32:24.0625 5952 ACS - detected UnsignedFile.Multi.Generic (1)
23:32:37.0453 5952 Dnscache - ok
23:32:37.0484 5952 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:32:37.0750 5952 Dot3svc - ok
23:32:37.0765 5952 dpti2o - ok
23:32:37.0812 5952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:32:38.0046 5952 drmkaud - ok
23:32:38.0093 5952 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:32:38.0312 5952 EapHost - ok
23:32:38.0343 5952 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:32:38.0593 5952 ERSvc - ok
23:32:38.0640 5952 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:32:38.0671 5952 Eventlog - ok
23:32:38.0734 5952 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:32:38.0812 5952 EventSystem - ok
23:32:38.0875 5952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:32:39.0109 5952 Fastfat - ok
23:32:39.0171 5952 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:32:39.0250 5952 FastUserSwitchingCompatibility - ok
23:32:39.0265 5952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:32:39.0515 5952 Fdc - ok
23:32:39.0546 5952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:32:39.0796 5952 Fips - ok
23:32:39.0812 5952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:32:40.0062 5952 Flpydisk - ok
23:32:40.0125 5952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:32:40.0375 5952 FltMgr - ok
23:32:40.0453 5952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:32:40.0671 5952 Fs_Rec - ok
23:32:40.0718 5952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:32:41.0015 5952 Ftdisk - ok
23:32:41.0062 5952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:32:41.0078 5952 GEARAspiWDM - ok
23:32:41.0140 5952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:32:41.0375 5952 Gpc - ok
23:32:41.0453 5952 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:32:41.0703 5952 helpsvc - ok
23:32:41.0718 5952 HidServ - ok
23:32:41.0750 5952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:32:41.0984 5952 hidusb - ok
23:32:42.0015 5952 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:32:42.0312 5952 hkmsvc - ok
23:32:42.0328 5952 hpn - ok
23:32:42.0734 5952 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
23:32:42.0796 5952 HSFHWICH - ok
23:32:42.0937 5952 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
23:32:43.0015 5952 HSF_DPV - ok
23:32:43.0093 5952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:32:43.0171 5952 HTTP - ok
23:32:43.0218 5952 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:32:43.0453 5952 HTTPFilter - ok
23:32:43.0468 5952 i2omgmt - ok
23:32:43.0468 5952 i2omp - ok
23:32:43.0531 5952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:32:43.0765 5952 i8042prt - ok
23:32:44.0000 5952 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:32:44.0218 5952 ialm - ok
23:32:44.0296 5952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:32:44.0546 5952 Imapi - ok
23:32:44.0828 5952 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:32:45.0046 5952 ImapiService - ok
23:32:45.0078 5952 ini910u - ok
23:32:45.0093 5952 IntelIde - ok
23:32:45.0109 5952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:32:45.0359 5952 intelppm - ok
23:32:45.0406 5952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:32:45.0656 5952 Ip6Fw - ok
23:32:45.0718 5952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:32:45.0953 5952 IpFilterDriver - ok
23:32:45.0984 5952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:32:46.0218 5952 IpInIp - ok
23:32:46.0281 5952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:32:46.0546 5952 IpNat - ok
23:32:46.0812 5952 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:32:46.0890 5952 iPod Service - ok
23:32:46.0921 5952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:32:47.0156 5952 IPSec - ok
23:32:47.0203 5952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:32:47.0296 5952 IRENUM - ok
23:32:47.0375 5952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:32:47.0609 5952 isapnp - ok
23:32:47.0750 5952 JavaQuickStarterService (8c5c59e1921eca3607390a1f641556df) C:\Program Files\Java\jre7\bin\jqs.exe
23:32:47.0781 5952 JavaQuickStarterService - ok
23:32:47.0906 5952 jswpsapi (ad7c73c72480eecb7675c90eb565e7cb) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
23:32:47.0937 5952 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
23:32:47.0937 5952 jswpsapi - detected UnsignedFile.Multi.Generic (1)
23:32:48.0015 5952 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
23:32:48.0062 5952 JSWSCIMD - ok
23:32:48.0125 5952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:48.0390 5952 Kbdclass - ok
23:32:48.0468 5952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:32:48.0671 5952 kmixer - ok
23:32:48.0687 5952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:32:48.0750 5952 KSecDD - ok
23:32:48.0828 5952 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:32:49.0625 5952 LanmanServer ( UnsignedFile.Multi.Generic ) - warning
23:32:49.0625 5952 LanmanServer - detected UnsignedFile.Multi.Generic (1)
23:32:49.0703 5952 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:32:49.0781 5952 lanmanworkstation - ok
23:32:49.0796 5952 lbrtfdc - ok
23:32:49.0875 5952 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:32:50.0078 5952 LmHosts - ok
23:32:50.0125 5952 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
23:32:50.0156 5952 MBAMProtector - ok
23:32:50.0234 5952 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:32:50.0328 5952 MBAMService - ok
23:32:50.0359 5952 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:32:50.0406 5952 mdmxsdk - ok
23:32:50.0437 5952 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:32:50.0671 5952 Messenger - ok
23:32:50.0718 5952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:50.0890 5952 mnmdd - ok
23:32:50.0953 5952 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:32:51.0203 5952 mnmsrvc - ok
23:32:51.0250 5952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:32:51.0421 5952 Modem - ok
23:32:51.0453 5952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:32:51.0656 5952 Mouclass - ok
23:32:51.0687 5952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:32:51.0906 5952 mouhid - ok
23:32:51.0921 5952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:32:52.0140 5952 MountMgr - ok
23:32:52.0218 5952 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:32:52.0250 5952 MozillaMaintenance - ok
23:32:52.0265 5952 mraid35x - ok
23:32:52.0312 5952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:32:52.0531 5952 MRxDAV - ok
23:32:52.0625 5952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:32:52.0718 5952 MRxSmb - ok
23:32:52.0750 5952 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:32:52.0984 5952 MSDTC - ok
23:32:53.0015 5952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:32:53.0250 5952 Msfs - ok
23:32:53.0265 5952 MSIServer - ok
23:32:53.0312 5952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:32:53.0546 5952 MSKSSRV - ok
23:32:53.0593 5952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:32:53.0828 5952 MSPCLOCK - ok
23:32:53.0843 5952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:32:54.0078 5952 MSPQM - ok
23:32:54.0093 5952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:32:54.0296 5952 mssmbios - ok
23:32:54.0343 5952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:32:54.0406 5952 Mup - ok
23:32:54.0484 5952 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:32:54.0703 5952 napagent - ok
23:32:54.0734 5952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:32:54.0984 5952 NDIS - ok
23:32:55.0031 5952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:32:55.0109 5952 NdisTapi - ok
23:32:55.0140 5952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:32:55.0343 5952 Ndisuio - ok
23:32:55.0375 5952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:32:55.0609 5952 NdisWan - ok
23:32:55.0671 5952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:32:55.0703 5952 NDProxy - ok
23:32:55.0718 5952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:32:55.0921 5952 NetBIOS - ok
23:32:55.0953 5952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:32:56.0203 5952 NetBT - ok
23:32:56.0234 5952 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:32:56.0437 5952 NetDDE - ok
23:32:56.0453 5952 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:32:56.0703 5952 NetDDEdsdm - ok
23:32:56.0750 5952 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:32:56.0921 5952 Netlogon - ok
23:32:56.0968 5952 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:32:57.0218 5952 Netman - ok
23:32:57.0343 5952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:32:57.0390 5952 NetTcpPortSharing - ok
23:32:57.0437 5952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:32:57.0671 5952 NIC1394 - ok
23:32:57.0750 5952 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:32:57.0781 5952 Nla - ok
23:32:57.0937 5952 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
23:32:57.0968 5952 NMSAccess - ok
23:32:58.0000 5952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:32:58.0218 5952 Npfs - ok
23:32:58.0296 5952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:32:58.0500 5952 Ntfs - ok
23:32:58.0500 5952 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:32:58.0750 5952 NtLmSsp - ok
23:32:58.0812 5952 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:32:59.0015 5952 NtmsSvc - ok
23:32:59.0046 5952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:32:59.0250 5952 Null - ok
23:32:59.0296 5952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:32:59.0484 5952 NwlnkFlt - ok
23:32:59.0484 5952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:32:59.0750 5952 NwlnkFwd - ok
23:32:59.0781 5952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:33:00.0000 5952 ohci1394 - ok
23:33:00.0046 5952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:33:00.0265 5952 Parport - ok
23:33:00.0281 5952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:33:00.0484 5952 PartMgr - ok
23:33:00.0515 5952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:33:00.0734 5952 ParVdm - ok
23:33:00.0765 5952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:33:00.0984 5952 PCI - ok
23:33:01.0000 5952 PCIDump - ok
23:33:01.0031 5952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:33:01.0250 5952 PCIIde - ok
23:33:01.0281 5952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:33:01.0484 5952 Pcmcia - ok
23:33:01.0500 5952 PDCOMP - ok
23:33:01.0515 5952 PDFRAME - ok
23:33:01.0531 5952 PDRELI - ok
23:33:01.0531 5952 PDRFRAME - ok
23:33:01.0546 5952 perc2 - ok
23:33:01.0562 5952 perc2hib - ok
23:33:01.0656 5952 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:33:01.0703 5952 PlugPlay - ok
23:33:01.0703 5952 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:33:01.0921 5952 PolicyAgent - ok
23:33:01.0968 5952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:33:02.0203 5952 PptpMiniport - ok
23:33:02.0218 5952 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:33:02.0406 5952 ProtectedStorage - ok
23:33:02.0718 5952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:33:02.0937 5952 PSched - ok
23:33:02.0968 5952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:33:03.0187 5952 Ptilink - ok
23:33:03.0203 5952 ql1080 - ok
23:33:03.0218 5952 Ql10wnt - ok
23:33:03.0234 5952 ql12160 - ok
23:33:03.0250 5952 ql1240 - ok
23:33:03.0265 5952 ql1280 - ok
23:33:03.0296 5952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:33:03.0484 5952 RasAcd - ok
23:33:03.0531 5952 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:33:03.0750 5952 RasAuto - ok
23:33:03.0781 5952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:33:04.0000 5952 Rasl2tp - ok
23:33:04.0046 5952 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:33:04.0234 5952 RasMan - ok
23:33:04.0250 5952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:33:04.0468 5952 RasPppoe - ok
23:33:04.0500 5952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:33:04.0703 5952 Raspti - ok
23:33:04.0750 5952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:33:04.0968 5952 Rdbss - ok
23:33:05.0000 5952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:33:05.0203 5952 RDPCDD - ok
23:33:05.0234 5952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:33:05.0468 5952 rdpdr - ok
23:33:05.0546 5952 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:33:05.0609 5952 RDPWD - ok
23:33:05.0687 5952 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:33:05.0921 5952 RDSessMgr - ok
23:33:05.0968 5952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:33:06.0203 5952 redbook - ok
23:33:06.0250 5952 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:33:06.0453 5952 RemoteAccess - ok
23:33:06.0500 5952 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:33:06.0703 5952 RemoteRegistry - ok
23:33:06.0750 5952 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:33:06.0953 5952 RpcLocator - ok
23:33:07.0062 5952 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:33:07.0109 5952 RpcSs - ok
23:33:07.0140 5952 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:33:07.0328 5952 RSVP - ok
23:33:07.0375 5952 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:33:07.0593 5952 SamSs - ok
23:33:07.0625 5952 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:33:07.0843 5952 SCardSvr - ok
23:33:07.0906 5952 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:33:08.0140 5952 Schedule - ok
23:33:08.0187 5952 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:33:08.0390 5952 sdbus - ok
23:33:08.0437 5952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:33:08.0515 5952 Secdrv - ok
23:33:08.0562 5952 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:33:08.0765 5952 seclogon - ok
23:33:08.0812 5952 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:33:09.0015 5952 SENS - ok
23:33:09.0046 5952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:33:09.0250 5952 Serial - ok
23:33:09.0296 5952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:33:09.0468 5952 Sfloppy - ok
23:33:09.0578 5952 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:33:09.0796 5952 SharedAccess - ok
23:33:09.0843 5952 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:33:09.0906 5952 ShellHWDetection - ok
23:33:09.0921 5952 Simbad - ok
23:33:09.0937 5952 Sparrow - ok
23:33:10.0015 5952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:33:10.0250 5952 splitter - ok
23:33:10.0312 5952 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:33:10.0390 5952 Spooler - ok
23:33:10.0453 5952 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:33:10.0546 5952 Sr - ok
23:33:10.0578 5952 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:33:10.0671 5952 srservice - ok
23:33:10.0765 5952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:33:10.0828 5952 Srv - ok
23:33:10.0859 5952 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:33:10.0984 5952 SSDPSRV - ok
23:33:11.0046 5952 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
23:33:11.0140 5952 STAC97 - ok
23:33:11.0187 5952 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
23:33:11.0218 5952 StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:33:11.0218 5952 StarOpen - detected UnsignedFile.Multi.Generic (1)
23:33:11.0312 5952 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:33:11.0515 5952 stisvc - ok
23:33:11.0578 5952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:33:11.0812 5952 swenum - ok
23:33:11.0859 5952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:33:12.0062 5952 swmidi - ok
23:33:12.0078 5952 SwPrv - ok
23:33:12.0093 5952 symc810 - ok
23:33:12.0109 5952 symc8xx - ok
23:33:12.0125 5952 sym_hi - ok
23:33:12.0140 5952 sym_u3 - ok
23:33:12.0203 5952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:33:12.0484 5952 sysaudio - ok
23:33:12.0546 5952 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:33:12.0750 5952 SysmonLog - ok
23:33:12.0812 5952 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:33:13.0046 5952 TapiSrv - ok
23:33:13.0125 5952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:33:13.0171 5952 Tcpip - ok
23:33:13.0234 5952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:33:13.0437 5952 TDPIPE - ok
23:33:13.0484 5952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:33:13.0718 5952 TDTCP - ok
23:33:13.0734 5952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:33:13.0921 5952 TermDD - ok
23:33:14.0000 5952 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:33:14.0234 5952 TermService - ok
23:33:14.0312 5952 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:33:14.0343 5952 Themes - ok
23:33:14.0390 5952 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:33:14.0515 5952 TlntSvr - ok
23:33:14.0531 5952 TosIde - ok
23:33:14.0562 5952 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:33:14.0812 5952 TrkWks - ok
23:33:14.0859 5952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:33:15.0062 5952 Udfs - ok
23:33:15.0078 5952 UIUSys - ok
23:33:15.0093 5952 ultra - ok
23:33:15.0203 5952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:33:15.0437 5952 Update - ok
23:33:15.0484 5952 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:33:15.0609 5952 upnphost - ok
23:33:15.0656 5952 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:33:15.0843 5952 UPS - ok
23:33:15.0843 5952 USBAAPL - ok
23:33:15.0906 5952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:33:16.0109 5952 usbehci - ok
23:33:16.0125 5952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:33:16.0343 5952 usbhub - ok
23:33:16.0390 5952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:33:16.0578 5952 USBSTOR - ok
23:33:16.0640 5952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:33:16.0843 5952 usbuhci - ok
23:33:16.0859 5952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:33:17.0078 5952 VgaSave - ok
23:33:17.0093 5952 ViaIde - ok
23:33:17.0140 5952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:33:17.0375 5952 VolSnap - ok
23:33:17.0421 5952 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:33:17.0515 5952 VSS - ok
23:33:17.0750 5952 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
23:33:17.0875 5952 vToolbarUpdater10.2.0 - ok
23:33:17.0906 5952 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:33:18.0093 5952 W32Time - ok
23:33:18.0140 5952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:33:18.0375 5952 Wanarp - ok
23:33:18.0390 5952 WDICA - ok
23:33:18.0453 5952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:33:18.0656 5952 wdmaud - ok
23:33:18.0703 5952 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:33:18.0921 5952 WebClient - ok
23:33:19.0031 5952 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:33:19.0109 5952 winachsf - ok
23:33:19.0203 5952 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:33:19.0406 5952 winmgmt - ok
23:33:19.0484 5952 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
23:33:19.0750 5952 WmdmPmSN - ok
23:33:19.0859 5952 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:33:19.0953 5952 Wmi - ok
23:33:20.0000 5952 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:33:20.0187 5952 WmiApSrv - ok
23:33:20.0453 5952 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:33:20.0531 5952 WPFFontCache_v0400 - ok
23:33:20.0593 5952 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:33:20.0828 5952 wscsvc - ok
23:33:20.0921 5952 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:33:20.0937 5952 WSIMD ( UnsignedFile.Multi.Generic ) - warning
23:33:20.0937 5952 WSIMD - detected UnsignedFile.Multi.Generic (1)
23:33:21.0125 5952 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
23:33:21.0171 5952 WSWNA1100 ( UnsignedFile.Multi.Generic ) - warning
23:33:21.0171 5952 WSWNA1100 - detected UnsignedFile.Multi.Generic (1)
23:33:21.0250 5952 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:33:21.0453 5952 wuauserv - ok
23:33:21.0546 5952 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:33:21.0750 5952 WZCSVC - ok
23:33:21.0796 5952 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:33:22.0000 5952 xmlprov - ok
23:33:22.0046 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:33:22.0375 5952 \Device\Harddisk0\DR0 - ok
23:33:22.0390 5952 Boot (0x1200) (d140f7f2b986b427f92c4f53ebd47398) \Device\Harddisk0\DR0\Partition0
23:33:22.0390 5952 \Device\Harddisk0\DR0\Partition0 - ok
23:33:22.0390 5952 ============================================================
23:33:22.0390 5952 Scan finished
23:33:22.0390 5952 ============================================================
23:33:22.0531 5940 Detected object count: 6
23:33:22.0531 5940 Actual detected object count: 6
23:35:51.0703 5940 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0703 5940 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0703 5940 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0703 5940 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0703 5940 LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0703 5940 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0703 5940 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0703 5940 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0718 5940 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0718 5940 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0718 5940 WSWNA1100 ( UnsignedFile.Multi.Generic ) - skipped by user
23:35:51.0718 5940 WSWNA1100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
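
The log above is what the helpers read to answer "which file is bad". As an added example (not code from the thread, from TDSSKiller or from BleepingComputer), this Python script pulls every object TDSSKiller flagged, the file and hash behind it and the action the user chose, and groups services that share one file so each file is assessed once. It assumes the line shapes visible in the log above; the embedded sample is constructed from lines of that log.

```python
"""Triage helper for a TDSSKiller scan log.

Added example, not code from the thread or from TDSSKiller. It assumes the line
shapes visible in the log above; SAMPLE_LOG is constructed from lines of that log.
"""
import re
from typing import Dict, List

# Every log line starts with "<hh:mm:ss.ffff> <pid> "; the rest varies by event.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "<name> (<md5>) <path>"   the file (or boot sector) backing a scanned object
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - warning"   a heuristic hit such as UnsignedFile.Multi.Generic
WARN_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
# "<name> ( <verdict> ) - User select action: <action>"   what the user chose at the end
ACTION_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
23:32:47.0906 5952 jswpsapi (ad7c73c72480eecb7675c90eb565e7cb) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
23:32:47.0937 5952 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
23:32:47.0937 5952 jswpsapi - detected UnsignedFile.Multi.Generic (1)
23:32:48.0125 5952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:48.0390 5952 Kbdclass - ok
23:32:48.0828 5952 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:32:49.0625 5952 LanmanServer ( UnsignedFile.Multi.Generic ) - warning
23:32:56.0750 5952 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:33:07.0375 5952 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:33:22.0046 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:35:51.0703 5940 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0703 5940 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:35:51.0703 5940 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_log(text: str) -> Dict[str, dict]:
    """Collect, per object name, the md5/path line and any verdict and user action."""
    objects: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            objects.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
        elif m := WARN_RE.match(line):
            objects.setdefault(m["name"], {})["verdict"] = m["verdict"]
        elif m := ACTION_RE.match(line):
            objects.setdefault(m["name"], {}).update(verdict=m["verdict"], action=m["action"])
        # "- ok" and "- detected ..." lines add nothing beyond the above and are skipped
    return objects


def flagged(objects: Dict[str, dict]) -> List[dict]:
    """Objects that got a verdict, with the file behind them and a triage hint."""
    report = []
    for name, obj in objects.items():
        if "verdict" not in obj:
            continue
        path = obj.get("path", "")
        if not path:
            note = "no file line in this log excerpt"
        elif path.lower().startswith("c:\\windows\\"):
            # An OS component reported as unsigned deserves a check against a
            # known-good copy of the same file version before it is trusted.
            note = "verify against known-good copy"
        else:
            # Unsigned vendor tools (here a NETGEAR adapter utility) are common and
            # are not a detection by themselves.
            note = "unsigned third-party file"
        report.append({"name": name, "verdict": obj["verdict"], "md5": obj.get("md5"),
                       "path": path, "action": obj.get("action", "none"), "note": note})
    return report


def shared_files(objects: Dict[str, dict]) -> Dict[str, List[str]]:
    """md5 -> service names, for files that back more than one service (assess once)."""
    by_hash: Dict[str, List[str]] = {}
    for name, obj in objects.items():
        if "md5" in obj:
            by_hash.setdefault(obj["md5"], []).append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    objs = parse_log(SAMPLE_LOG)
    for entry in flagged(objs):
        print(f"{entry['name']:<14} {entry['verdict']:<28} action={entry['action']:<5} "
              f"{entry['path'] or '-'}  [{entry['note']}]")
    for md5, names in shared_files(objs).items():
        print(f"{md5} backs {', '.join(names)}")
```

Run it against a full log file (`parse_log(open(path).read())`) to get the same flagged list the thread's summary lines give, with paths and hashes attached.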

#8 nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2012 - 07:25 AM

Before I downloaded the AVAST,
When you download aswMBR you have an option to download AVAST; deny it.
===

All the other tools should work well with one another.

===

Looking at the Security log you have many Java programs running.

You should remove these old versions using the Add/Remove programs list.
Java™ 6 Update 24
Java™ 6 Update 30
Java™ 6 Update 31


Java™ 7 Update 4: keep this one, it's the latest.

Unless you do development work in Java you do not need these. Remove them also using the Add/Remove programs list.
JavaFX 2.1.0
JavaFX 2.1.0 SDK
Java SE Development Kit 7 Update 4

===

Please post the aswMBR log and let me know what problem persists with this computer.

#9 branch
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male

Posted 19 May 2012 - 05:15 AM

NASDAQ:

I opened the aswMBR.exe and performed the scan. I denied AVAST. It's now under my Desktop and the file is attached below. Note, I did not fix after the scan. Also, I did not quarantine or delete any malware from TDSSKiller.exe. After reviewing the attached file, please let me know if these actions need to be executed.

As for the JAVA applications, I realize there is more than 1. I had issues with Internet Explorer due to registry problems. Java or Adobe Flash Player would not reload. Therefore, I went to Mozilla Firefox to upload Java. Adobe Flash Player still continues to not work with Mozilla. The plug-in can not be added. Downloaded a different flash program, but still compatibility issues.

The registry problems are causing issues with my USB device as well. My iPod still does not open in iTunes. I reinstalled iTunes, but still nothing.
I ran a command prompt to USB devices and see a yellow triangular icon with an exclamation point inside the symbol. I can not open or make sense out of this problem.

Thanks for helping.

#10 branch
  • Topic Starter

  • Members
  • 51 posts
  • Gender:Male

Posted 19 May 2012 - 05:27 AM

NASDAQ:

Compressed file is attached below.

Branch

Attached Files

  • Attached File: MBR.zip (498 bytes)


#11 nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2012 - 08:47 AM

Upon completion of the scan, click Save log, and save it to your desktop.

Can I see the log from aswMBR? I got the .dat file ok.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#12 branch
  • Topic Starter
  • Members

Posted 22 May 2012 - 03:21 AM

NASDAQ:

Here is the aswMBR file copied. I will perform the ComboFix and take off the spyware/antivirus this afternoon. Your work is appreciated in this matter. I will give all other data as requested. What spyware/antivirus software should be kept on my laptop after these procedures? Again, sorry for the delay, but my computer is running slow.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 04:40:04
-----------------------------
04:40:04.671 OS Version: Windows 5.1.2600 Service Pack 3
04:40:04.671 Number of processors: 1 586 0xD08
04:40:04.671 ComputerName: OWNER-702859C76 UserName: User
04:40:18.671 Initialize success
04:41:10.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:41:10.703 Disk 0 Vendor: WDC_WD400VE-75HDT1 11.07D11 Size: 38154MB BusType: 3
04:41:10.718 Disk 0 MBR read successfully
04:41:10.718 Disk 0 MBR scan
04:41:10.734 Disk 0 Windows XP default MBR code
04:41:10.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
04:41:10.734 Disk 0 scanning sectors +78124095
04:41:10.859 Disk 0 scanning C:\WINDOWS\system32\drivers
04:41:24.859 Service scanning
04:41:42.031 Modules scanning
04:41:56.406 Disk 0 trace - called modules:
04:41:56.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
04:41:56.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8237c9c0]
04:41:56.468 3 CLASSPNP.SYS[f84d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823d04e8]
04:41:56.546 Scan finished successfully
04:44:06.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
04:44:06.984 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

#13 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 22 May 2012 - 08:33 AM

If, after running the tools I suggested, you still have some problems, I suggest you check the status of the files for the operating system.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

As for what you should keep I will give you advice when this is over.

#14 branch
  • Topic Starter
  • Members

Posted 23 May 2012 - 04:23 AM

NASDAQ:

I told you this past afternoon, but there is a question that I needed to address. Disabling Malwarebytes from the system tray icon is not a problem. On the other hand, I could not right click on AVG's icon. Therefore, I went to the AVG USER INTERFACE.

My question is this: do I disable AVG's resident shield or the entire protection under the tool's advanced settings? I will follow up and load COMBOFIX. I'm sure it's the latter.

Note: I would like to mention that a friend gave me a CD-R disk of Ubuntu version 10.04 (similar to Linux). I figured if COMBOFIX does not resolve everything, this is an option. Unfortunately, I will lose disk space if I keep Windows XP and Ubuntu. I do not have a backup. Hopefully, this will not be necessary. I do have the re-installation CD, but it's Service Pack 2. Service Pack 3 is on my Dell Inspiron 6000 presently. A technician from a local computer store loaded it. I have no CD for this one.

Thank you for your patience in this matter. I'm sure you have dealt with more problematic clients.

BRANCH

#15 branch
  • Topic Starter
  • Members

Posted 23 May 2012 - 05:19 AM

NASDAQ:

I decided to save you the time. I used the advanced settings and disabled AVG's entire protection, instead of the resident shield. It gave me the choice of 5, 10, or 15 minutes for the duration. I picked 15 min, but it did come back up during COMBOFIX's preparation of the log. The scanning just did clear. I allowed AVG to continue the completion of the log txt. The file is copied below. I will send checkup.txt in the next post.

ComboFix 12-05-23.01 - User 05/23/2012 4:39.1.1 - x86
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
c:\windows\system32\vbscript.dll is missing
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\My Documents\Downloads\PowerPointViewer.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3fd2e0d1be879e43.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bc294a929808abc5.fb
c:\windows\system32\Cache\c1bd226c26fbebb7.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f4ed2ec388c34f0b.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-18 20:54 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-18 20:54 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-18 20:53 . 2012-05-18 20:53 -------- d-----w- c:\program files\iPod
2012-05-18 20:52 . 2012-05-18 20:54 -------- d-----w- c:\program files\iTunes
2012-05-16 02:13 . 2012-05-16 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentControl2
2012-05-16 02:13 . 2012-05-16 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-05-15 10:01 . 2012-05-15 10:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-02 04:14 . 2012-03-13 04:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-05-01 20:22 . 2012-05-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-05-01 20:18 . 2012-05-01 20:18 -------- d-----w- c:\documents and settings\User\Application Data\OpenOffice.org
2012-05-01 08:26 . 2012-05-01 08:26 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-05-01 08:25 . 2012-05-23 08:33 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-05-01 08:25 . 2012-05-01 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-01 08:25 . 2012-05-01 08:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 08:25 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 20:13 . 2012-04-30 20:13 -------- d-----w- c:\documents and settings\User\Application Data\AVG Secure Search
2012-04-30 20:13 . 2012-04-30 20:13 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-30 20:13 . 2012-05-01 20:24 -------- d-----w- c:\program files\AVG Secure Search
2012-04-30 20:10 . 2012-05-23 05:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-30 20:09 . 2012-04-30 20:09 -------- d-----w- c:\program files\AVG
2012-04-29 21:29 . 2012-04-29 21:30 -------- d-----w- c:\program files\Oracle
2012-04-29 21:29 . 2012-04-29 21:29 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2012-04-29 21:28 . 2012-04-29 21:27 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 21:28 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-29 20:55 . 2012-04-30 00:33 -------- d-----w- c:\program files\FrostWire
2012-04-27 23:08 . 2012-04-27 23:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2012-04-27 23:08 . 2012-04-27 23:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\CRE
2012-04-27 23:08 . 2012-04-29 20:49 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\uTorrentControl2
2012-04-27 23:08 . 2012-04-27 23:08 -------- d-----w- c:\program files\uTorrentControl2
2012-04-27 22:27 . 2012-04-27 22:27 -------- d-----w- c:\documents and settings\User\Application Data\Curiolab
2012-04-26 09:58 . 2012-04-26 09:58 -------- d-----w- c:\documents and settings\User\Application Data\Lavasoft
2012-04-26 03:32 . 2012-04-26 03:32 -------- d-----w- c:\documents and settings\User\Application Data\PC Cleaners
2012-04-26 03:32 . 2012-04-26 03:32 -------- d-----w- c:\documents and settings\User\Application Data\PCPro
2012-04-26 03:32 . 2012-04-26 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 09:11 . 2012-04-22 09:11 0 ----a-w- c:\windows\system32\REN58.tmp
2012-04-22 09:11 . 2012-04-22 09:11 0 ----a-w- c:\windows\system32\REN57.tmp
2012-04-22 09:11 . 2012-04-22 09:11 0 ----a-w- c:\windows\system32\REN56.tmp
2012-04-13 15:11 . 2012-04-13 15:11 715038 ----a-w- c:\windows\unins000.exe
2012-04-11 13:12 . 2008-04-14 06:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2008-04-14 05:57 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 23:47 . 2012-04-13 15:41 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2009-03-09 14:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-03-09 14:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-03-09 14:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 10:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 10:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-03-09 14:31 385024 ------w- c:\windows\system32\html.iec
2012-05-15 10:00 . 2012-05-02 04:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-09 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-01 20:24 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-05-01 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-15 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2009-03-09 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2009-03-09 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2009-03-09 118784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-01 982880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzctMTI0NTk5NjA3MS1TVDEyRkFQUCsxLUREVCswLUVVTEErMQ&prod=55&ver=2012.0.1809&mid=15c2d5dabb8747d0904fd15d643bfac2-2404027c94af33b94b09ca06f24ae5ce12944c59" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 360529]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-15 129976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-05-01 918880]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [2010-10-01 1759584]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2008-09-25 57440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-23 c:\windows\Tasks\User_Feed_Synchronization-{66C3A58A-F012-438E-9F0C-5D08E8CA250E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-09 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/chrome/eula.html?hl=en&brand=CHFX&utm_campaign=en&utm_source=en-oa-na-us-bk-bng&utm_medium=oa&installdataindex=homepagepromo
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ingmq1zu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bec0ca9c7-047e-4bdd-b04d-f402239733b2%7D&mid=15c2d5dabb8747d0904fd15d643bfac2-2404027c94af33b94b09ca06f24ae5ce12944c59&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-30%2015%3A13%3A32&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-New Value #1 - (no file)
HKU-Default-Run-Update - c:\documents and settings\User\Application Data\AVG Secure Search\AVG Secure Search\kmzkybj.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 04:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-23 05:01:37
ComboFix-quarantined-files.txt 2012-05-23 10:01
.
Pre-Run: 10,538,237,952 bytes free
Post-Run: 10,761,658,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D35C293155A6910A6FDD1F8F9BF70813
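The thread's original question was which of the logged entries deserve a second look. The Python below is an added example, not part of any post in this thread and not ComboFix's own code: it parses Run/RunOnce value lines in the "Reg Loading Points" format shown in the log above and flags the entries a responder checks first (targets ComboFix marked `[X]` or `[?]`, bare names resolved through the search order, and files launched from a user profile). The sample block is constructed from the log's own lines; the URL and the size of the kmzkybj.dll entry are illustrative.

```python
# Added example: triage of ComboFix "Reg Loading Points" Run/RunOnce lines (not ComboFix code).
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample modelled on the thread's log; the URL and the last entry's size are illustrative.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2009-03-09 94208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-01 982880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://example.invalid/uninstall-feedback" [?]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\documents and settings\User\Application Data\AVG Secure Search\AVG Secure Search\kmzkybj.dll" [2012-05-01 12345]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
META_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$')
PROFILE_MARKERS = ('\\documents and settings\\', '\\users\\')

@dataclass
class Entry:
    key: str
    name: str
    target: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)

def parse_loading_points(text: str) -> List[Entry]:
    """Turn the [key] / "name"="target" [meta] lines into Entry objects."""
    entries, current_key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if not m or current_key is None:
            continue
        e = Entry(current_key, m.group('name'), m.group('target'))
        meta = m.group('meta').strip()
        mm = META_RE.match(meta)
        if mm:                  # "[date size]": ComboFix found the file and measured it
            e.date, e.size = mm.group('date'), int(mm.group('size'))
        elif meta == 'X':       # "[X]": the target file does not exist on disk
            e.flags.append('target missing')
        elif meta == '?':       # "[?]": not a plain file ComboFix could check (here a shell command)
            e.flags.append('target not verifiable')
        entries.append(e)
    return entries

def triage(entries: List[Entry]) -> List[Entry]:
    """Add location heuristics and return only the entries worth a second look."""
    for e in entries:
        t = e.target.lower()
        if not re.match(r'^[a-z]:\\', t):
            # A bare name or shell command is resolved at run time, so confirm by hand which file runs.
            e.flags.append('not an absolute file path')
        elif any(marker in t for marker in PROFILE_MARKERS):
            # Legitimate autostarts almost always live under Program Files or Windows, not a profile.
            e.flags.append('launched from a user profile directory')
    return [e for e in entries if e.flags]
```

Entries that parse cleanly into a Program Files or Windows path with a date and size (igfxtray, vProt in the sample) come back unflagged; the rest are the ones to verify against the file system and vendor signatures.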


