
Malware Infection


19 replies to this topic

#1 Brewsky

Brewsky

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 11 May 2012 - 07:32 AM

I have encountered a mean one. This started after I visited a site. My Avast Antivirus is popping up with a Malicious URL Blocker. It says:
Object Http:\\and various websites.
URL:MAL
C:\\windows\system32\svchost.exe

When I launch IE 8, I get an Add On box that pops up telling me to select my search provider. Google was #1 and Bing was #2. But Bing is now selected, is not the default, but I cannot change or delete the search providers.

I ran Malwarebytes in Chameleon mode and it found the following:
RootKit.0Access
Trojan.Medfos
Trojan.Agent.H

I let Malware remove the files and rebooted.

The problem is still there. Oh, and this PC is running very slow.

Oh I also tried to restore from an earlier restore point and that didn't fix it. And I tried to restore to factory default from D: and it failed.

Any thoughts? I would appreciate some help.



#2 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 11 May 2012 - 08:46 AM

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Please post the final results, good or bad. We like to know!
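As an added example (not part of this thread and not code from the OTL tool), this Python script shows the kind of first-pass triage a helper does on the OTL.txt requested above: it parses OTL-style SRV/DRV/O2/O6/O20 lines and flags entries worth a second look. The sample report is constructed in OTL's format (a few lines mirror entries that appear in this thread); the category names and thresholds are this example's own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str  # short tag used for counting and sorting findings
    detail: str    # human-readable reason this line was flagged
    line: str      # the original OTL line


# Constructed sample in OTL report format (not copied from any one machine).
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] -- C:\Program Files\Example Vendor\ExampleSvc.exe -- (ExampleSvc)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\USER~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/05/10 15:14:17 | 000,028,488 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\example.sys -- (example)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
"""

# OTL line shapes. "File not found" marks a registry entry whose target file is
# gone; an empty "()" company field marks a file with no embedded company name.
_FILE_NOT_FOUND = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]*)\] -- (.+?) -- \((.+?)\).*$")
_ENTRY = re.compile(
    r"^(SRV|DRV) - \[[^\]]*\] \(([^)]*)\) \[([^\]]*)\] -- (.+?) -- \((.+?)\).*$")
_TEMP_PATH = re.compile(r"\\(Temp|Tmp)\\", re.IGNORECASE)
_ORPHAN_BHO = re.compile(
    r"^O2 - BHO: \(no name\) - (\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$")
_UAC_OFF = re.compile(r"^O6 - .*policies\\System: EnableLUA = 0$")
_WINLOGON_MISSING = re.compile(
    r"^O20 - Winlogon\\Notify\\(\S+): DllName - \((.+)\) - File not found$")


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for a single OTL report line."""
    findings: list[Finding] = []

    m = _FILE_NOT_FOUND.match(line)
    if m:
        kind, flags, path, name = m.groups()
        what = "service" if kind == "SRV" else "driver"
        # Usually a leftover registration; still worth reviewing, and a
        # driver that lived in a Temp folder deserves a closer look.
        findings.append(Finding("orphaned-entry",
                                f"{what} '{name}' is registered but {path} is missing ({flags})", line))
        if _TEMP_PATH.search(path):
            findings.append(Finding("temp-path",
                                    f"{what} '{name}' was loaded from a temporary folder", line))
        return findings

    m = _ENTRY.match(line)
    if m:
        kind, company, flags, path, name = m.groups()
        what = "service" if kind == "SRV" else "driver"
        if company.strip() == "" and "Running" in flags:
            findings.append(Finding("no-company-running",
                                    f"running {what} '{name}' at {path} has no company name", line))
        if _TEMP_PATH.search(path):
            findings.append(Finding("temp-path",
                                    f"{what} '{name}' runs from a temporary folder", line))
        return findings

    m = _ORPHAN_BHO.match(line)
    if m:
        findings.append(Finding("orphaned-bho",
                                f"BHO {m.group(1)} has no name and no CLSID", line))
    elif _UAC_OFF.match(line):
        findings.append(Finding("uac-disabled",
                                "EnableLUA = 0: User Account Control is turned off", line))
    else:
        m = _WINLOGON_MISSING.match(line)
        if m:
            findings.append(Finding("winlogon-missing",
                                    f"Winlogon notify package '{m.group(1)}' points at missing {m.group(2)}", line))
    return findings


def triage(report: str) -> list[Finding]:
    """Run triage_line over every line of an OTL report."""
    return [f for line in report.splitlines() for f in triage_line(line.strip())]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick overview of the report."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage(SAMPLE_OTL)))
```

Flagged entries are leads for a helper to check, not verdicts: an orphaned "File not found" service is often just an uninstall leftover.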


#3 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 11 May 2012 - 09:54 AM

Here is the OTL.txt log.

OTL logfile created on: 5/11/2012 9:29:56 AM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Sweet Pea\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.76 Mb Total Physical Memory | 378.37 Mb Available Physical Memory | 39.51% Memory free
2.23 Gb Paging File | 1.21 Gb Available in Paging File | 54.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 98.57 Gb Free Space | 70.93% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.40 Gb Free Space | 54.03% Space Free | Partition Type: NTFS

Computer Name: CFDELLINSPIRON | User Name: Sweet Pea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 10:57:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sweet Pea\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/01 19:44:06 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/09 17:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/09 16:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/01/02 21:40:10 | 000,210,520 | R--- | M] (Hewlett-Packard Co.) -- C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/05/10 10:02:50 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SWEETP~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/10 15:14:17 | 000,028,488 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/26 03:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/30 04:10:54 | 000,738,304 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A3ABv.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/03/23 06:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 08:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/30 17:09:38 | 000,158,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/01/30 17:09:36 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/01/30 17:09:36 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/01/30 17:09:36 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/07/30 10:55:48 | 000,091,830 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0630Vid.sys -- (P0630VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070904
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070904
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNQN_enUS469
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/19 15:52:29 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sweet Pea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/04/24 18:00:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4122650406-24239967-75659528-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4122650406-24239967-75659528-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C577DBBC-9AAA-44A9-9A6B-ECD05D4AA686}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Sweet Pea\Pictures\Wall Paper 1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sweet Pea\Pictures\Wall Paper 1.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 09:24:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sweet Pea\Desktop\OTL.exe
[2012/05/01 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/01 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/24 18:10:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/24 17:41:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/24 17:41:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/24 17:41:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/24 17:41:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/24 17:21:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/24 17:21:26 | 004,474,625 | R--- | C] (Swearware) -- C:\Users\Sweet Pea\Desktop\ComboFix.exe
[2012/04/24 12:30:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/24 10:02:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/24 10:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/24 10:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/23 14:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/23 14:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/20 16:00:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/20 00:13:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/04/19 23:27:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/04/18 08:13:11 | 000,000,000 | ---D | C] -- C:\Users\Sweet Pea\AppData\Roaming\Malwarebytes
[2012/04/18 08:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 08:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/18 08:12:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 03:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/17 22:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/17 22:08:17 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/04/17 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/17 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/17 22:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/17 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Sweet Pea\AppData\Roaming\TestApp
[2012/04/17 09:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/17 09:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/17 09:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/17 09:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2012/05/11 09:32:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 09:29:27 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 09:29:27 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 09:27:11 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 09:27:11 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 09:26:32 | 000,002,595 | ---- | M] () -- C:\Users\Sweet Pea\Desktop\Microsoft Word.lnk
[2012/05/11 08:59:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/10 16:15:59 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/05/10 16:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 16:15:29 | 1005,051,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 15:14:17 | 000,028,488 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/05/10 15:13:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 10:02:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 09:39:18 | 171,940,531 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 14:02:06 | 000,000,980 | ---- | M] () -- C:\Users\Sweet Pea\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/02 15:09:50 | 000,007,620 | ---- | M] () -- C:\Users\Sweet Pea\AppData\Local\d3d9caps.dat
[2012/05/01 09:52:54 | 000,001,958 | ---- | M] () -- C:\Users\Sweet Pea\Desktop\HiJackThis.lnk
[2012/04/25 10:22:54 | 000,017,267 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2012/04/24 18:00:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:19:03 | 004,474,625 | R--- | M] (Swearware) -- C:\Users\Sweet Pea\Desktop\ComboFix.exe
[2012/04/24 10:02:24 | 000,000,955 | ---- | M] () -- C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/24 10:00:06 | 000,000,775 | ---- | M] () -- C:\Users\Sweet Pea\Desktop\NTREGOPT.lnk
[2012/04/24 10:00:06 | 000,000,756 | ---- | M] () -- C:\Users\Sweet Pea\Desktop\ERUNT.lnk
[2012/04/23 10:30:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/22 09:57:49 | 000,000,176 | ---- | M] () -- C:\MSsupport.htm
[2012/04/20 09:56:27 | 000,343,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/19 16:15:39 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/19 16:02:14 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/18 12:41:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/04/18 10:57:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sweet Pea\Desktop\OTL.exe
[2012/04/18 03:18:17 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/18 01:21:07 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/04/17 22:10:56 | 002,011,087 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

========== Files Created - No Company Name ==========

[2012/05/10 15:49:16 | 1005,051,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/10 15:14:17 | 000,028,488 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/05/10 10:02:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 09:52:54 | 000,001,958 | ---- | C] () -- C:\Users\Sweet Pea\Desktop\HiJackThis.lnk
[2012/04/24 17:41:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/24 17:41:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/24 17:41:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/24 17:41:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/24 17:41:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/24 10:02:24 | 000,000,955 | ---- | C] () -- C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/24 10:00:06 | 000,000,775 | ---- | C] () -- C:\Users\Sweet Pea\Desktop\NTREGOPT.lnk
[2012/04/24 10:00:06 | 000,000,756 | ---- | C] () -- C:\Users\Sweet Pea\Desktop\ERUNT.lnk
[2012/04/22 09:57:49 | 000,000,176 | ---- | C] () -- C:\MSsupport.htm
[2012/04/20 16:00:01 | 171,940,531 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 16:15:38 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/18 12:41:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/04/18 08:12:43 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 03:18:17 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/17 22:08:31 | 002,011,087 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/04/17 21:28:01 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/31 16:18:53 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/27 14:42:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/08 09:42:50 | 000,148,320 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011/10/08 09:42:50 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011/10/08 09:42:15 | 000,016,059 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2011/10/08 09:42:15 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/09/22 21:33:23 | 000,147,974 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/03/24 09:41:21 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2011/03/04 11:05:38 | 000,000,438 | ---- | C] () -- C:\Users\Sweet Pea\AppData\Roaming\wklnhst.dat
[2011/02/01 12:53:31 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/02/01 12:53:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/01 12:53:26 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/01 12:53:26 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/01 12:53:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/25 16:29:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

========== LOP Check ==========

[2012/01/26 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\.minecraft
[2011/05/12 18:21:39 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 13:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Dropbox
[2007/09/06 18:14:22 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Earthlink
[2012/02/01 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Image Zone Express
[2012/02/10 18:10:09 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Leadertech
[2008/05/11 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\PeerNetworking
[2011/09/22 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Printer Info Cache
[2012/02/01 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Registry Booster
[2011/03/04 11:05:44 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\Template
[2012/04/17 22:06:16 | 000,000,000 | ---D | M] -- C:\Users\Sweet Pea\AppData\Roaming\TestApp
[2012/05/11 09:30:59 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#4 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 11 May 2012 - 09:58 AM

Gammo, I don't see that OTL created an Extras.txt log.

#5 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 11 May 2012 - 10:25 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Please post the final results, good or bad. We like to know!
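As an added defender-side example (not OTL's code and not something posted in this thread), the PowerShell below audits the same load points the fix above clears (services, Browser Helper Objects, Winlogon\Notify, ShellExecuteHooks) and reports entries whose target file no longer exists, which is how the "File not found" and "No CLSID value found" lines in an OTL log arise. The registry paths are the standard Windows ones; the function names are mine.

```powershell
# Added example for this thread (not OTL's code): read-only audit of the load
# points the fix above clears. It reports
#   services/drivers whose ImagePath is missing        -> OTL "SRV - File not found"
#   BHO CLSIDs with no InProcServer32 or missing DLL    -> OTL "O2 - BHO ... No CLSID value found"
#   Winlogon\Notify packages whose DllName is missing   -> OTL "O20 ... File not found"
#   ShellExecuteHooks whose CLSID/DLL is missing        -> OTL "O28 ... File not found"
# Orphans are left behind by incomplete removals and are slots a dropped DLL could
# later fill, so they are worth clearing. Run from an elevated prompt; changes nothing.
# On 64-bit Windows, 32-bit IE load points live under SOFTWARE\Wow6432Node as well.

function Resolve-ImagePath {
    # Turn a raw ImagePath / DllName registry value into a plain file path.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot      # \SystemRoot\... -> C:\Windows\...
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]                              # "C:\a b\x.exe" /args
    } else {
        $m = [regex]::Match($p, '^(.*?\.(exe|dll|sys|cpl))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value } else { $p = $p.Split(' ')[0] }
    }
    if (-not [IO.Path]::IsPathRooted($p)) {
        # bare names (RtHDVCpl.exe) and system32\drivers\x.sys are relative to Windows
        foreach ($dir in @($env:SystemRoot, "$env:SystemRoot\System32")) {
            $candidate = Join-Path $dir $p
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Resolve-ClsidServer {
    # Follow a CLSID to its in-process DLL; $null when no CLSID key is registered.
    param([string]$Clsid)
    foreach ($hive in 'HKEY_CURRENT_USER\Software\Classes', 'HKEY_LOCAL_MACHINE\Software\Classes') {
        $key = "Registry::$hive\CLSID\$Clsid\InProcServer32"
        if (Test-Path -LiteralPath $key) {
            return Resolve-ImagePath (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return $null
}

function New-Finding($Type, $Name, $Target) {
    New-Object PSObject -Property @{ Type = $Type; Name = $Name; Target = $Target }
}
$findings = @()

# Services and drivers
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $image = (Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    $path = Resolve-ImagePath $image
    if ($path -and -not (Test-Path -LiteralPath $path)) {
        $findings += New-Finding 'Service' $svc.PSChildName $path
    }
}

# Browser Helper Objects: each subkey name is a CLSID that must resolve to a DLL on disk
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoKey) {
    foreach ($bho in Get-ChildItem -LiteralPath $bhoKey) {
        $dll = Resolve-ClsidServer $bho.PSChildName
        if (-not $dll) { $findings += New-Finding 'BHO' $bho.PSChildName '(no CLSID value found)' }
        elseif (-not (Test-Path -LiteralPath $dll)) { $findings += New-Finding 'BHO' $bho.PSChildName $dll }
    }
}

# Winlogon notification packages: DllName must exist on disk
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path -LiteralPath $notifyKey) {
    foreach ($pkg in Get-ChildItem -LiteralPath $notifyKey) {
        $dll = Resolve-ImagePath (Get-ItemProperty -LiteralPath $pkg.PSPath).DllName
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            $findings += New-Finding 'WinlogonNotify' $pkg.PSChildName $dll
        }
    }
}

# ShellExecuteHooks: value names are CLSIDs, each must resolve to a DLL on disk
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path -LiteralPath $hookKey) {
    foreach ($clsid in (Get-Item -LiteralPath $hookKey).GetValueNames() | Where-Object { $_ -like '{*}' }) {
        $dll = Resolve-ClsidServer $clsid
        if (-not $dll) { $findings += New-Finding 'ShellExecuteHook' $clsid '(no CLSID value found)' }
        elseif (-not (Test-Path -LiteralPath $dll)) { $findings += New-Finding 'ShellExecuteHook' $clsid $dll }
    }
}

if ($findings.Count -eq 0) { 'No orphaned load points found.' }
else { $findings | Sort-Object Type, Name | Format-Table Type, Name, Target -AutoSize }
```

Anything the script lists should be compared against what is actually installed before removal; a vendor's own uninstaller or the forum helper's fix is the right way to clear it, not hand-editing the keys.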


#6 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 11 May 2012 - 06:49 PM

I ran the custom OTL fix. No issues. It rebooted and came up fine.

I turned off the antivirus.

I ran ComboFix and I could see the DOS-like box pop up and I saw it finish. I was busy at the time so I let it sit for a while, maybe 15 minutes. I found the PC running terribly. Really slow. I tried to look for the ComboFix.txt file and everything seemed to lock up. I tried to do Ctrl Alt Del to get to Task Manager and I had a box pop up that said across the banner (top) "Logon process has failed to create the security option dialog box" and in the box it said "Failure - Security Option". I finally ended up doing a forced power off.

The PC came back up, but still would not run right. Same issues. Also I saw Avast AV blocking Trojan files and many Malware attempts to call out. I ended up doing another forced power off.

But this time it came back up okay. I could not locate the ComboFix.txt file. So something seems wrong.

I have also seen Malwarebytes errors initializing. Should I have turned it off when I ran ComboFix? I did not turn it off, but I did kill the AV.

Do I try to run the ComboFix again?

Thanks

#7 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 12 May 2012 - 05:14 AM

Do I try to run the ComboFix again?

Yes, please do.

Please post the final results, good or bad. We like to know!


#8 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 12 May 2012 - 11:53 AM

I ran ComboFix again. It was taking quite a while so I walked away and when I came back, the system had rebooted and had the message "Windows recovered from an unexpected shutdown".

I searched C:\ for ComboFix.txt and it was not there. I looked in C:\Combofix\ and saw a file of the same name. I am not sure if this is the correct one or not, but here it is...


ComboFix 12-05-12.01 - Sweet Pea 05/12/2012 10:02:51.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.958.119 [GMT -5:00]
Running from: C:\Users\Sweet Pea\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))


2012-05-12 15:20:19 . 2012-05-12 15:20:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-05-10 20:14:17 . 2012-05-10 20:14:17 28488 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2012-05-10 15:02:50 . 2012-05-10 15:02:50 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-05-01 14:52:57 . 2012-05-01 14:52:58 388096 ----a-r- C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-01 14:52:50 . 2012-05-01 14:52:50 -------- d-----w- C:\Program Files\Trend Micro
2012-04-25 15:24:28 . 1998-04-24 04:00:00 37136 ----a-w- C:\Windows\system32\temp.01C
2012-04-25 15:24:09 . 2000-05-27 05:10:18 1388544 ----a-w- C:\Windows\system32\temp.01B
2012-04-25 15:24:09 . 2000-01-19 23:11:46 614672 ----a-w- C:\Windows\system32\temp.01A
2012-04-25 15:24:08 . 2000-01-19 23:11:46 164112 ----a-w- C:\Windows\system32\temp.017
2012-04-25 15:24:08 . 1999-08-31 21:55:18 17920 ----a-w- C:\Windows\system32\temp.018
2012-04-25 15:24:08 . 1998-06-17 04:00:00 77878 ----a-w- C:\Windows\system32\temp.016
2012-04-25 15:24:08 . 1998-06-17 04:00:00 401462 ----a-w- C:\Windows\system32\temp.019
2012-04-25 15:24:06 . 2000-03-07 05:00:00 278581 ----a-w- C:\Windows\system32\temp.014
2012-04-25 15:24:06 . 1999-10-27 05:00:00 995383 ----a-w- C:\Windows\system32\temp.013
2012-04-25 15:24:06 . 1999-06-01 05:00:00 326656 ----a-w- C:\Windows\system32\temp.015
2012-04-25 15:06:22 . 1998-04-24 04:00:00 37136 ----a-w- C:\Windows\system32\temp.012
2012-04-25 15:06:05 . 2000-05-27 05:10:18 1388544 ----a-w- C:\Windows\system32\temp.011
2012-04-25 15:06:05 . 2000-01-19 23:11:46 614672 ----a-w- C:\Windows\system32\temp.010
2012-04-25 15:06:05 . 2000-01-19 23:11:46 164112 ----a-w- C:\Windows\system32\temp.00D
2012-04-25 15:06:05 . 1999-08-31 21:55:18 17920 ----a-w- C:\Windows\system32\temp.00E
2012-04-25 15:06:05 . 1998-06-17 04:00:00 77878 ----a-w- C:\Windows\system32\temp.00C
2012-04-25 15:06:05 . 1998-06-17 04:00:00 401462 ----a-w- C:\Windows\system32\temp.00F
2012-04-25 15:06:03 . 2000-03-07 05:00:00 278581 ----a-w- C:\Windows\system32\temp.00A
2012-04-25 15:06:03 . 1999-06-01 05:00:00 326656 ----a-w- C:\Windows\system32\temp.00B
2012-04-25 15:06:02 . 1999-10-27 05:00:00 995383 ----a-w- C:\Windows\system32\temp.009
2012-04-24 23:14:49 . 2012-04-24 23:15:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
2012-04-24 17:30:05 . 2012-04-24 17:30:05 -------- d-----w- C:\_OTL
2012-04-24 15:00:04 . 2012-04-24 15:02:24 -------- d-----w- C:\Program Files\ERUNT
2012-04-23 19:26:29 . 2012-04-25 14:46:15 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-04-23 19:26:29 . 2012-04-25 14:44:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-20 14:42:37 . 2012-04-20 14:42:37 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\PowerDVD DX
2012-04-20 05:13:52 . 2012-04-20 05:14:16 -------- d-----w- C:\Windows\system32\SPReview
2012-04-20 04:27:59 . 2012-04-20 04:28:00 -------- d-----w- C:\Windows\system32\EventProviders
2012-04-18 13:13:11 . 2012-04-18 13:13:11 -------- d-----w- C:\Users\Sweet Pea\AppData\Roaming\Malwarebytes
2012-04-18 13:12:41 . 2012-04-18 13:12:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-18 13:12:39 . 2012-05-10 20:13:36 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-18 13:12:39 . 2012-04-04 20:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-18 08:16:40 . 2009-05-18 18:17:00 26600 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-04-18 08:16:40 . 2008-04-17 17:12:54 107368 ----a-w- C:\Windows\system32\GEARAspi.dll
2012-04-18 04:51:35 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{753BD237-597A-4144-B7B9-9C8603E577FB}\mpengine.dll
2012-04-18 03:18:13 . 2012-04-18 04:55:29 -------- d-----w- C:\Program Files\PC Tools
2012-04-18 03:08:17 . 2012-04-19 20:52:22 -------- d-----w- C:\Program Files\Common Files\PC Tools
2012-04-18 03:08:17 . 2012-02-24 15:36:44 185560 ----a-w- C:\Windows\system32\drivers\PCTSD.sys
2012-04-18 03:06:17 . 2012-04-18 04:51:09 -------- d-----w- C:\ProgramData\PC Tools
2012-04-18 03:06:16 . 2012-04-18 03:06:16 -------- d-----w- C:\Users\Sweet Pea\AppData\Roaming\TestApp
2012-04-17 14:57:39 . 2012-04-18 08:14:19 -------- d-----w- C:\Program Files\iPod
2012-04-17 14:57:36 . 2012-04-19 20:52:28 -------- d-----w- C:\Program Files\iTunes
2012-04-17 14:57:36 . 2012-04-17 14:58:49 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-17 14:57:07 . 2012-04-17 14:57:07 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2012-04-17 14:55:59 . 2012-04-19 20:52:20 -------- d-----w- C:\Program Files\Bonjour
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-10 15:02:50 . 2011-05-27 14:25:36 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 . 2010-08-23 23:46:35 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:15:14 . 2008-03-08 18:09:06 201352 ----a-w- C:\Windows\system32\aswBoot.exe
2012-03-06 23:03:51 . 2011-06-29 19:18:49 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-06 23:03:38 . 2008-04-14 01:40:01 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-06 23:02:00 . 2008-03-08 18:09:21 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-06 23:01:53 . 2008-03-08 18:09:20 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-06 23:01:48 . 2008-03-08 18:09:06 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01:30 . 2008-04-14 01:40:01 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-23 14:18:36 . 2009-10-03 06:54:06 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-15 16:01:50 . 2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 . 2012-02-15 16:01:50 43520 ----a-w- C:\Windows\system32\drivers\usbaapl.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 22:01:16 1804648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 12:22:20 4907008]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 22:23:38 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 19:40:10 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 16:07:56 843712]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 08:41:12 49208]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2012-02-02 00:44:06 296056]
"avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 23:15:17 4241512]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-27 10:09:24 421736]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 20:56:38 462408]

C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hpqtra08.exe [2007-1-2 210520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-9-4 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4122650406-24239967-75659528-1000]
"EnableNotificationsRef"=dword:00000001

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\Windows\system32\DRIVERS\A3ABv.sys [2007-06-30 09:10:54 738304]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 15:02:50 257696]
S2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 11:17:24 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

Contents of the 'Scheduled Tasks' folder

2012-05-10 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 15:02:50 . 2012-05-10 15:02:50]

2012-05-12 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02 00:43:24 . 2012-02-02 00:43:06]

2012-05-12 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-02 00:43:24 . 2012-02-02 00:43:06]

#9 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 13 May 2012 - 05:27 AM

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.





Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Please download DDS and save it to your desktop.
  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.




Are you still experiencing any problems?

Please post the final results, good or bad. We like to know!


#10 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 13 May 2012 - 10:57 AM

When I installed MWbytes, I got several warnings that certain files "Error writing to registry key. ABORT RETRY IGNORE." I ended up ignoring to get MWarebytes to install. The system said it needed to be restarted. (I already had it installed if that matters). I ran it and there were no bad files detected. Here is the log.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Sweet Pea :: CFDELLINSPIRON [administrator]

Protection: Enabled

5/13/2012 10:31:04 AM
mbam-log-2012-05-13 (10-31-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205678
Time elapsed: 14 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Running TDSSKILLER next.

#11 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 13 May 2012 - 11:25 AM

I ran TDSSKILLER and it found some rootkit entries.

Here is the DDS.txt log



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Sweet Pea at 11:20:51 on 2012-05-13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.958.148 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Sweet Pea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN1AM1S09K05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\sweetp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\sweet pea\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: intuit.com\ttlc
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C577DBBC-9AAA-44A9-9A6B-ECD05D4AA686} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-5-26 4608]
R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-10 28488]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-13 337880]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-13 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-3-8 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-23 44768]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-1 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3ABv.sys [2008-8-6 738304]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 257696]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-31 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-1 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-1-30 92160]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2012-2-9 91830]
.
=============== Created Last 30 ================
.
2012-05-13 16:01:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-12 15:31:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-12 14:48:01 -------- d-----w- C:\ComboFix
2012-05-10 20:14:17 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-10 15:02:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 14:52:57 388096 ----a-r- c:\users\sweet pea\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-01 14:52:50 -------- d-----w- c:\program files\Trend Micro
2012-04-25 15:24:28 37136 ----a-w- c:\windows\system32\temp.01C
2012-04-25 15:24:09 614672 ----a-w- c:\windows\system32\temp.01A
2012-04-25 15:24:09 1388544 ----a-w- c:\windows\system32\temp.01B
2012-04-25 15:24:08 77878 ----a-w- c:\windows\system32\temp.016
2012-04-25 15:24:08 401462 ----a-w- c:\windows\system32\temp.019
2012-04-25 15:24:08 17920 ----a-w- c:\windows\system32\temp.018
2012-04-25 15:24:08 164112 ----a-w- c:\windows\system32\temp.017
2012-04-25 15:24:06 995383 ----a-w- c:\windows\system32\temp.013
2012-04-25 15:24:06 326656 ----a-w- c:\windows\system32\temp.015
2012-04-25 15:24:06 278581 ----a-w- c:\windows\system32\temp.014
2012-04-25 15:06:22 37136 ----a-w- c:\windows\system32\temp.012
2012-04-25 15:06:05 77878 ----a-w- c:\windows\system32\temp.00C
2012-04-25 15:06:05 614672 ----a-w- c:\windows\system32\temp.010
2012-04-25 15:06:05 401462 ----a-w- c:\windows\system32\temp.00F
2012-04-25 15:06:05 17920 ----a-w- c:\windows\system32\temp.00E
2012-04-25 15:06:05 164112 ----a-w- c:\windows\system32\temp.00D
2012-04-25 15:06:05 1388544 ----a-w- c:\windows\system32\temp.011
2012-04-25 15:06:03 326656 ----a-w- c:\windows\system32\temp.00B
2012-04-25 15:06:03 278581 ----a-w- c:\windows\system32\temp.00A
2012-04-25 15:06:02 995383 ----a-w- c:\windows\system32\temp.009
2012-04-24 22:41:30 98816 ----a-w- c:\windows\sed.exe
2012-04-24 22:41:30 518144 ----a-w- c:\windows\SWREG.exe
2012-04-24 22:41:30 256000 ----a-w- c:\windows\PEV.exe
2012-04-24 22:41:30 208896 ----a-w- c:\windows\MBR.exe
2012-04-24 17:30:05 -------- d-----w- C:\_OTL
2012-04-23 19:26:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-23 19:26:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-20 05:13:52 -------- d-----w- c:\windows\system32\SPReview
2012-04-20 04:27:59 -------- d-----w- c:\windows\system32\EventProviders
2012-04-18 13:13:11 -------- d-----w- c:\users\sweet pea\appdata\roaming\Malwarebytes
2012-04-18 13:12:41 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 13:12:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 13:12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 08:16:40 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-18 08:16:40 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-18 04:51:35 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{753bd237-597a-4144-b7b9-9c8603e577fb}\mpengine.dll
2012-04-18 03:18:13 -------- d-----w- c:\program files\PC Tools
2012-04-18 03:08:17 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-18 03:08:17 -------- d-----w- c:\program files\common files\PC Tools
2012-04-18 03:06:17 -------- d-----w- c:\programdata\PC Tools
2012-04-18 03:06:16 -------- d-----w- c:\users\sweet pea\appdata\roaming\TestApp
2012-04-17 14:57:39 -------- d-----w- c:\program files\iPod
2012-04-17 14:57:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-17 14:57:36 -------- d-----w- c:\program files\iTunes
2012-04-17 14:55:59 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2012-05-10 15:02:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 11:23:53.32 ===============

#12 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 13 May 2012 - 11:30 AM

Can you please post the contents of the TDSSKiller log file as well?

You can find it at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Please post the final results, good or bad. We like to know!


#13 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 13 May 2012 - 11:54 AM

Here is the TDSSKiller log.


10:59:22.0682 2004 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:59:23.0321 2004 ============================================================
10:59:23.0321 2004 Current date / time: 2012/05/13 10:59:23.0321
10:59:23.0321 2004 SystemInfo:
10:59:23.0321 2004
10:59:23.0321 2004 OS Version: 6.0.6001 ServicePack: 1.0
10:59:23.0321 2004 Product type: Workstation
10:59:23.0322 2004 ComputerName: CFDELLINSPIRON
10:59:23.0322 2004 UserName: Sweet Pea
10:59:23.0322 2004 Windows directory: C:\Windows
10:59:23.0322 2004 System windows directory: C:\Windows
10:59:23.0322 2004 Processor architecture: Intel x86
10:59:23.0322 2004 Number of processors: 2
10:59:23.0322 2004 Page size: 0x1000
10:59:23.0322 2004 Boot type: Normal boot
10:59:23.0322 2004 ============================================================
10:59:23.0883 2004 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:59:23.0971 2004 ============================================================
10:59:23.0971 2004 \Device\Harddisk0\DR0:
10:59:23.0996 2004 MBR partitions:
10:59:23.0996 2004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
10:59:23.0996 2004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x115ED000
10:59:23.0996 2004 ============================================================
10:59:24.0084 2004 C: <-> \Device\Harddisk0\DR0\Partition1
10:59:24.0106 2004 D: <-> \Device\Harddisk0\DR0\Partition0
10:59:24.0106 2004 ============================================================
10:59:24.0106 2004 Initialize success
10:59:24.0106 2004 ============================================================
11:00:27.0040 3736 ============================================================
11:00:27.0040 3736 Scan started
11:00:27.0040 3736 Mode: Manual; SigCheck; TDLFS;
11:00:27.0040 3736 ============================================================
11:00:43.0315 3736 MSPCLOCK - ok
11:00:43.0327 3736 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:00:43.0359 3736 MSPQM - ok
11:00:43.0391 3736 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
11:00:43.0407 3736 MsRPC - ok
11:00:43.0435 3736 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:00:43.0448 3736 mssmbios - ok
11:00:43.0479 3736 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:00:43.0510 3736 MSTEE - ok
11:00:43.0536 3736 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
11:00:43.0549 3736 Mup - ok
11:00:43.0582 3736 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
11:00:43.0623 3736 napagent - ok
11:00:43.0639 3736 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
11:00:43.0659 3736 NativeWifiP - ok
11:00:43.0697 3736 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
11:00:43.0724 3736 NDIS - ok
11:00:43.0763 3736 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:00:43.0801 3736 NdisTapi - ok
11:00:43.0826 3736 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:00:43.0869 3736 Ndisuio - ok
11:00:43.0894 3736 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
11:00:43.0937 3736 NdisWan - ok
11:00:43.0965 3736 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:00:43.0991 3736 NDProxy - ok
11:00:44.0021 3736 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
11:00:44.0038 3736 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:00:44.0039 3736 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:00:44.0065 3736 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:00:44.0097 3736 NetBIOS - ok
11:00:44.0113 3736 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
11:00:44.0161 3736 netbt - ok
11:00:44.0199 3736 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:00:44.0216 3736 Netlogon - ok
11:00:44.0247 3736 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:00:44.0286 3736 Netman - ok
11:00:44.0325 3736 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:00:44.0372 3736 netprofm - ok
11:00:44.0444 3736 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:00:44.0459 3736 NetTcpPortSharing - ok
11:00:44.0492 3736 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:00:44.0505 3736 nfrd960 - ok
11:00:44.0521 3736 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:00:44.0567 3736 NlaSvc - ok
11:00:44.0584 3736 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:00:44.0627 3736 Npfs - ok
11:00:44.0654 3736 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:00:44.0696 3736 nsi - ok
11:00:44.0718 3736 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:00:44.0760 3736 nsiproxy - ok
11:00:44.0829 3736 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:00:44.0872 3736 Ntfs - ok
11:00:44.0925 3736 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:00:44.0978 3736 ntrigdigi - ok
11:00:44.0994 3736 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:00:45.0024 3736 Null - ok
11:00:45.0148 3736 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
11:00:45.0188 3736 NVENETFD - ok
11:00:45.0582 3736 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:00:45.0934 3736 nvlddmkm - ok
11:00:46.0041 3736 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
11:00:46.0056 3736 nvraid - ok
11:00:46.0080 3736 nvrd32 (dcdecb11b5a8ad813fee68fd98c60e0a) C:\Windows\system32\drivers\nvrd32.sys
11:00:46.0095 3736 nvrd32 - ok
11:00:46.0107 3736 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
11:00:46.0120 3736 nvstor - ok
11:00:46.0150 3736 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\drivers\nvstor32.sys
11:00:46.0164 3736 nvstor32 - ok
11:00:46.0200 3736 nvsvc (f397a6fa4b83d243ad25a1dc401237a0) C:\Windows\system32\nvvsvc.exe
11:00:46.0275 3736 nvsvc - ok
11:00:46.0309 3736 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
11:00:46.0324 3736 nv_agp - ok
11:00:46.0373 3736 NWADI (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys
11:00:46.0413 3736 NWADI - ok
11:00:46.0418 3736 NwlnkFlt - ok
11:00:46.0426 3736 NwlnkFwd - ok
11:00:46.0457 3736 NWUSBModem (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbmdm.sys
11:00:46.0494 3736 NWUSBModem - ok
11:00:46.0518 3736 NWUSBPort (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser.sys
11:00:46.0537 3736 NWUSBPort - ok
11:00:46.0557 3736 NWUSBPort2 (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser2.sys
11:00:46.0575 3736 NWUSBPort2 - ok
11:00:46.0607 3736 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:00:46.0687 3736 ohci1394 - ok
11:00:46.0720 3736 OSCM Utility Service - ok
11:00:46.0769 3736 P0630VID (68cb569ede9cfb3b0bf17966428df025) C:\Windows\system32\DRIVERS\P0630Vid.sys
11:00:46.0831 3736 P0630VID - ok
11:00:46.0872 3736 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:00:46.0966 3736 p2pimsvc - ok
11:00:46.0976 3736 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:00:47.0006 3736 p2psvc - ok
11:00:47.0047 3736 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:00:47.0112 3736 Parport - ok
11:00:47.0142 3736 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:00:47.0158 3736 partmgr - ok
11:00:47.0186 3736 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:00:47.0261 3736 Parvdm - ok
11:00:47.0284 3736 PCASp50 - ok
11:00:47.0316 3736 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:00:47.0339 3736 PcaSvc - ok
11:00:47.0370 3736 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
11:00:47.0404 3736 pci - ok
11:00:47.0451 3736 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:00:47.0465 3736 pciide - ok
11:00:47.0495 3736 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:00:47.0511 3736 pcmcia - ok
11:00:47.0561 3736 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:00:47.0633 3736 PEAUTH - ok
11:00:47.0766 3736 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:00:47.0854 3736 pla - ok
11:00:47.0947 3736 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
11:00:47.0999 3736 PlugPlay - ok
11:00:48.0021 3736 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
11:00:48.0078 3736 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:00:48.0079 3736 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:00:48.0122 3736 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:00:48.0151 3736 PNRPAutoReg - ok
11:00:48.0162 3736 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:00:48.0203 3736 PNRPsvc - ok
11:00:48.0256 3736 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
11:00:48.0346 3736 PolicyAgent - ok
11:00:48.0394 3736 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:00:48.0438 3736 PptpMiniport - ok
11:00:48.0474 3736 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
11:00:48.0526 3736 Processor - ok
11:00:48.0570 3736 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
11:00:48.0615 3736 ProfSvc - ok
11:00:48.0640 3736 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:00:48.0667 3736 ProtectedStorage - ok
11:00:48.0697 3736 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
11:00:48.0718 3736 PSched - ok
11:00:48.0753 3736 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
11:00:48.0772 3736 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:00:48.0772 3736 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
11:00:48.0830 3736 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
11:00:48.0868 3736 ql2300 - ok
11:00:48.0905 3736 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:00:48.0919 3736 ql40xx - ok
11:00:48.0965 3736 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:00:49.0000 3736 QWAVE - ok
11:00:49.0019 3736 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:00:49.0049 3736 QWAVEdrv - ok
11:00:49.0161 3736 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
11:00:49.0289 3736 R300 - ok
11:00:49.0385 3736 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:00:49.0425 3736 RasAcd - ok
11:00:49.0447 3736 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:00:49.0497 3736 RasAuto - ok
11:00:49.0556 3736 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:00:49.0594 3736 Rasl2tp - ok
11:00:49.0617 3736 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
11:00:49.0669 3736 RasMan - ok
11:00:49.0694 3736 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:00:49.0733 3736 RasPppoe - ok
11:00:49.0752 3736 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:00:49.0794 3736 RasSstp - ok
11:00:49.0831 3736 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:00:49.0909 3736 rdbss - ok
11:00:49.0932 3736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:00:49.0981 3736 RDPCDD - ok
11:00:50.0032 3736 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
11:00:50.0070 3736 rdpdr - ok
11:00:50.0075 3736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:00:50.0153 3736 RDPENCDD - ok
11:00:50.0197 3736 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:00:50.0231 3736 RDPWD - ok
11:00:50.0293 3736 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:00:50.0327 3736 RemoteAccess - ok
11:00:50.0355 3736 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
11:00:50.0391 3736 RemoteRegistry - ok
11:00:50.0513 3736 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
11:00:50.0558 3736 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
11:00:50.0558 3736 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
11:00:50.0588 3736 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
11:00:50.0597 3736 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
11:00:50.0597 3736 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
11:00:50.0618 3736 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:00:50.0660 3736 RpcLocator - ok
11:00:50.0704 3736 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\System32\rpcss.dll
11:00:50.0774 3736 RpcSs - ok
11:00:50.0809 3736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:00:50.0849 3736 rspndr - ok
11:00:50.0854 3736 RT73 - ok
11:00:50.0881 3736 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:00:50.0900 3736 SamSs - ok
11:00:50.0938 3736 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:00:50.0952 3736 sbp2port - ok
11:00:50.0985 3736 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
11:00:51.0035 3736 SCardSvr - ok
11:00:51.0104 3736 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
11:00:51.0199 3736 Schedule - ok
11:00:51.0226 3736 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
11:00:51.0258 3736 SCPolicySvc - ok
11:00:51.0297 3736 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:00:51.0374 3736 SDRSVC - ok
11:00:51.0392 3736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:00:51.0446 3736 secdrv - ok
11:00:51.0459 3736 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:00:51.0504 3736 seclogon - ok
11:00:51.0527 3736 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:00:51.0570 3736 SENS - ok
11:00:51.0596 3736 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:00:51.0667 3736 Serenum - ok
11:00:51.0693 3736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:00:51.0747 3736 Serial - ok
11:00:51.0782 3736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:00:51.0813 3736 sermouse - ok
11:00:51.0865 3736 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:00:51.0901 3736 SessionEnv - ok
11:00:51.0927 3736 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
11:00:52.0005 3736 sffdisk - ok
11:00:52.0021 3736 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
11:00:52.0037 3736 sffp_mmc - ok
11:00:52.0047 3736 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
11:00:52.0062 3736 sffp_sd - ok
11:00:52.0074 3736 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:00:52.0139 3736 sfloppy - ok
11:00:52.0161 3736 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:00:52.0210 3736 SharedAccess - ok
11:00:52.0266 3736 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
11:00:52.0311 3736 ShellHWDetection - ok
11:00:52.0331 3736 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
11:00:52.0344 3736 sisagp - ok
11:00:52.0371 3736 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
11:00:52.0385 3736 SiSRaid2 - ok
11:00:52.0410 3736 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
11:00:52.0424 3736 SiSRaid4 - ok
11:00:52.0543 3736 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
11:00:52.0687 3736 slsvc - ok
11:00:52.0774 3736 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
11:00:52.0809 3736 SLUINotify - ok
11:00:52.0828 3736 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:00:52.0861 3736 Smb - ok
11:00:52.0896 3736 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:00:52.0923 3736 SNMPTRAP - ok
11:00:52.0936 3736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:00:52.0949 3736 spldr - ok
11:00:53.0011 3736 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
11:00:53.0084 3736 Spooler - ok
11:00:53.0195 3736 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
11:00:53.0275 3736 srv - ok
11:00:53.0313 3736 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
11:00:53.0360 3736 srv2 - ok
11:00:53.0371 3736 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
11:00:53.0399 3736 srvnet - ok
11:00:53.0425 3736 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:00:53.0477 3736 SSDPSRV - ok
11:00:53.0529 3736 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:00:53.0571 3736 SstpSvc - ok
11:00:53.0601 3736 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
11:00:53.0625 3736 StillCam - ok
11:00:53.0662 3736 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
11:00:53.0710 3736 stisvc - ok
11:00:53.0759 3736 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:00:53.0773 3736 stllssvr ( UnsignedFile.Multi.Generic ) - warning
11:00:53.0773 3736 stllssvr - detected UnsignedFile.Multi.Generic (1)
11:00:53.0793 3736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:00:53.0805 3736 swenum - ok
11:00:53.0838 3736 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
11:00:53.0891 3736 swprv - ok
11:00:53.0916 3736 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:00:53.0929 3736 Symc8xx - ok
11:00:53.0958 3736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:00:53.0971 3736 Sym_hi - ok
11:00:54.0000 3736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:00:54.0013 3736 Sym_u3 - ok
11:00:54.0051 3736 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
11:00:54.0135 3736 SysMain - ok
11:00:54.0163 3736 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:00:54.0210 3736 TabletInputService - ok
11:00:54.0244 3736 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
11:00:54.0284 3736 TapiSrv - ok
11:00:54.0306 3736 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:00:54.0364 3736 TBS - ok
11:00:54.0444 3736 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
11:00:54.0484 3736 Tcpip - ok
11:00:54.0499 3736 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
11:00:54.0534 3736 Tcpip6 - ok
11:00:54.0552 3736 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:00:54.0596 3736 tcpipreg - ok
11:00:54.0627 3736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:00:54.0658 3736 TDPIPE - ok
11:00:54.0694 3736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:00:54.0725 3736 TDTCP - ok
11:00:54.0745 3736 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
11:00:54.0786 3736 tdx - ok
11:00:54.0841 3736 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
11:00:54.0855 3736 TermDD - ok
11:00:54.0896 3736 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
11:00:54.0963 3736 TermService - ok
11:00:55.0024 3736 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
11:00:55.0047 3736 Themes - ok
11:00:55.0070 3736 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:00:55.0104 3736 THREADORDER - ok
11:00:55.0122 3736 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:00:55.0171 3736 TrkWks - ok
11:00:55.0214 3736 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
11:00:55.0245 3736 TrustedInstaller - ok
11:00:55.0272 3736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:00:55.0317 3736 tssecsrv - ok
11:00:55.0354 3736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:00:55.0381 3736 tunmp - ok
11:00:55.0409 3736 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
11:00:55.0445 3736 tunnel - ok
11:00:55.0484 3736 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
11:00:55.0498 3736 uagp35 - ok
11:00:55.0541 3736 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
11:00:55.0584 3736 udfs - ok
11:00:55.0617 3736 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:00:55.0654 3736 UI0Detect - ok
11:00:55.0678 3736 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
11:00:55.0691 3736 uliagpkx - ok
11:00:55.0719 3736 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
11:00:55.0736 3736 uliahci - ok
11:00:55.0756 3736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:00:55.0771 3736 UlSata - ok
11:00:55.0799 3736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:00:55.0814 3736 ulsata2 - ok
11:00:55.0836 3736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:00:55.0880 3736 umbus - ok
11:00:55.0907 3736 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:00:55.0955 3736 upnphost - ok
11:00:56.0026 3736 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:00:56.0077 3736 USBAAPL - ok
11:00:56.0099 3736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:00:56.0138 3736 usbccgp - ok
11:00:56.0166 3736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:00:56.0235 3736 usbcir - ok
11:00:56.0297 3736 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
11:00:56.0341 3736 usbehci - ok
11:00:56.0368 3736 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
11:00:56.0414 3736 usbhub - ok
11:00:56.0464 3736 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
11:00:56.0504 3736 usbohci - ok
11:00:56.0523 3736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:00:56.0560 3736 usbprint - ok
11:00:56.0584 3736 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:00:56.0621 3736 usbscan - ok
11:00:56.0685 3736 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:00:56.0718 3736 USBSTOR - ok
11:00:56.0734 3736 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
11:00:56.0787 3736 usbuhci - ok
11:00:56.0817 3736 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
11:00:56.0860 3736 UxSms - ok
11:00:56.0899 3736 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
11:00:56.0956 3736 vds - ok
11:00:56.0984 3736 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
11:00:57.0056 3736 vga - ok
11:00:57.0079 3736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:00:57.0112 3736 VgaSave - ok
11:00:57.0128 3736 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
11:00:57.0141 3736 viaagp - ok
11:00:57.0162 3736 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
11:00:57.0223 3736 ViaC7 - ok
11:00:57.0240 3736 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
11:00:57.0253 3736 viaide - ok
11:00:57.0280 3736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:00:57.0294 3736 volmgr - ok
11:00:57.0333 3736 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:00:57.0353 3736 volmgrx - ok
11:00:57.0388 3736 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:00:57.0406 3736 volsnap - ok
11:00:57.0433 3736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
11:00:57.0449 3736 vsmraid - ok
11:00:57.0508 3736 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
11:00:57.0616 3736 VSS - ok
11:00:57.0665 3736 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
11:00:57.0717 3736 W32Time - ok
11:00:57.0763 3736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:00:57.0816 3736 WacomPen - ok
11:00:57.0841 3736 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:57.0873 3736 Wanarp - ok
11:00:57.0878 3736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:57.0903 3736 Wanarpv6 - ok
11:00:57.0946 3736 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
11:00:57.0997 3736 wcncsvc - ok
11:00:58.0028 3736 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:00:58.0056 3736 WcsPlugInService - ok
11:00:58.0078 3736 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
11:00:58.0091 3736 Wd - ok
11:00:58.0121 3736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:00:58.0169 3736 Wdf01000 - ok
11:00:58.0223 3736 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:00:58.0272 3736 WdiServiceHost - ok
11:00:58.0276 3736 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:00:58.0312 3736 WdiSystemHost - ok
11:00:58.0342 3736 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
11:00:58.0367 3736 WebClient - ok
11:00:58.0396 3736 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:00:58.0464 3736 Wecsvc - ok
11:00:58.0486 3736 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:00:58.0525 3736 wercplsupport - ok
11:00:58.0557 3736 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
11:00:58.0585 3736 WerSvc - ok
11:00:58.0633 3736 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:00:58.0680 3736 winachsf - ok
11:00:58.0752 3736 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:00:58.0771 3736 WinDefend - ok
11:00:58.0781 3736 WinHttpAutoProxySvc - ok
11:00:58.0836 3736 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
11:00:58.0882 3736 Winmgmt - ok
11:00:58.0945 3736 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:00:58.0996 3736 WinRM - ok
11:00:59.0055 3736 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
11:00:59.0137 3736 Wlansvc - ok
11:00:59.0257 3736 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:00:59.0339 3736 wlidsvc - ok
11:00:59.0444 3736 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
11:00:59.0508 3736 WmiAcpi - ok
11:00:59.0567 3736 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
11:00:59.0610 3736 wmiApSrv - ok
11:00:59.0782 3736 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:00:59.0854 3736 WMPNetworkSvc - ok
11:00:59.0886 3736 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
11:00:59.0930 3736 WPCSvc - ok
11:00:59.0958 3736 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:01:00.0007 3736 WPDBusEnum - ok
11:01:00.0091 3736 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:01:00.0115 3736 WpdUsb - ok
11:01:00.0335 3736 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:01:00.0368 3736 WPFFontCache_v0400 - ok
11:01:00.0446 3736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:01:00.0477 3736 ws2ifsl - ok
11:01:00.0504 3736 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
11:01:00.0539 3736 wscsvc - ok
11:01:00.0544 3736 WSearch - ok
11:01:00.0650 3736 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:01:00.0723 3736 wuauserv - ok
11:01:00.0844 3736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:01:00.0887 3736 WUDFRd - ok
11:01:00.0912 3736 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:01:00.0961 3736 wudfsvc - ok
11:01:00.0990 3736 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
11:01:01.0024 3736 XAudio - ok
11:01:01.0055 3736 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
11:01:01.0077 3736 XAudioService - ok
11:01:01.0134 3736 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:01:01.0169 3736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:01:01.0169 3736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:01:01.0248 3736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:01:01.0249 3736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:01:01.0273 3736 Boot (0x1200) (28b29f6d0b3e49cf85dd7a29d635422f) \Device\Harddisk0\DR0\Partition0
11:01:01.0275 3736 \Device\Harddisk0\DR0\Partition0 - ok
11:01:01.0290 3736 Boot (0x1200) (bcd9b5623aaf8aa07cd8399324f4b8c4) \Device\Harddisk0\DR0\Partition1
11:01:01.0292 3736 \Device\Harddisk0\DR0\Partition1 - ok
11:01:01.0292 3736 ============================================================
11:01:01.0292 3736 Scan finished
11:01:01.0292 3736 ============================================================
11:01:01.0309 5496 Detected object count: 13
11:01:01.0309 5496 Actual detected object count: 13
11:01:10.0585 5496 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0585 5496 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0585 5496 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0585 5496 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0589 5496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0589 5496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0593 5496 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0593 5496 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0596 5496 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0596 5496 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0599 5496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0599 5496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0602 5496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0602 5496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0605 5496 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0606 5496 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0609 5496 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0609 5496 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0612 5496 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0612 5496 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0615 5496 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
11:01:10.0615 5496 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:01:10.0666 5496 \Device\Harddisk0\DR0\# - copied to quarantine
11:01:10.0667 5496 \Device\Harddisk0\DR0 - copied to quarantine
11:01:10.0683 5496 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:01:10.0689 5496 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:01:23.0107 5496 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:01:23.0325 5496 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:01:23.0765 5496 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:01:24.0063 5496 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:01:24.0065 5496 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:01:24.0067 5496 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:01:24.0070 5496 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:01:24.0312 5496 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:01:24.0525 5496 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:01:24.0527 5496 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:01:24.0566 5496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:01:24.0567 5496 \Device\Harddisk0\DR0 - ok
11:01:24.0628 5496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:01:24.0629 5496 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:01:24.0629 5496 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:02:31.0317 5924 Deinitialize success

#14 Brewsky

Brewsky
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 13 May 2012 - 11:57 AM

The PC is operating better now. Avast seems to have stopped the pop-ups warning me that Malware was trying to call out.

But the Add-Ons box pops up each time I launch a new session of IE8. It seems to be telling me the search provider has a problem. It was default Google, but it shows Bing as the default and will not let me change it, delete it, etc.

Overall it may be a little slower, but it's not that robust of a machine and needs more memory.

Thanks.

Brewsky

#15 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 13 May 2012 - 12:33 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4122650406-24239967-75659528-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:sour
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Does that fix the IE8 problem?


Please post the final results, good or bad. We like to know!
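A read-only audit of the same Internet Explorer SearchScopes keys the OTL fix above rewrites, added here as an example that is not part of Gammo's post or of OTL: it lists every scope in HKLM and the current user's hive, marks which one DefaultScope points at, flags a DefaultScope that names a scope which no longer exists (the "pick a provider" prompt symptom in this thread), and flags any scope whose URL host is outside a constructed allowlist. The allowlist and the output column names are assumptions.

```powershell
# Added example, not part of the thread or of OTL: read-only audit of the
# Internet Explorer SearchScopes keys that the OTL fix above rewrites.
# HKU\<SID>\..\SearchScopes in the OTL lines is HKCU for the logged-on user.
# The trusted-host list is a constructed allowlist; extend it for your environment.
$TrustedHosts = @('www.google.com', 'www.bing.com')

$ScopeRoots = @(
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
)

function Get-SearchScopeAudit {
    param([string[]]$Roots = $ScopeRoots, [string[]]$Trusted = $TrustedHosts)

    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }

        # DefaultScope is a value on the parent key naming the GUID subkey in use.
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        $scopes  = @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue)

        if ($default -and ($scopes.PSChildName -notcontains $default)) {
            # The symptom in this thread: the default names a scope that does not
            # exist, so IE keeps prompting for a search provider at every launch.
            [pscustomobject]@{ Hive = $root; Scope = $default; IsDefault = $true
                               Host = '(missing)'; Status = 'DANGLING-DEFAULT' }
        }

        foreach ($scope in $scopes) {
            $url = [string](Get-ItemProperty -Path $scope.PSPath).URL
            # Replace IE's {searchTerms}-style placeholders so [uri] can parse the host.
            $hostName = ''
            try { $hostName = ([uri]($url -replace '\{[^}]*\}', 'x')).Host } catch { }

            [pscustomobject]@{
                Hive      = $root
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Host      = $hostName
                # A scope pointing anywhere outside the allowlist is the classic
                # search-provider hijack pattern; review it before removing it.
                Status    = $(if ($Trusted -contains $hostName) { 'trusted' } else { 'REVIEW' })
            }
        }
    }
}

Get-SearchScopeAudit | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt before and after the OTL fix to confirm the dangling default is gone and only allowlisted hosts remain.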
