
Need assist with Malware removal


  • This topic is locked
28 replies to this topic

#1 Froghammer


Posted 14 July 2012 - 01:25 PM

I am being redirected to undesired sites when I use search functions. This does not happen all the time; it started with Bing only, now it's happening on Yahoo search too. Ran Malwarebytes Anti-Malware, found and removed several threats but the problem is still occurring. I had to reinstall MS Security Essentials as the virus had locked me out. I am in the process of doing the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' checklist but I am stuck on step 5, Enable Firewall. I am locked out of the firewall utility in Control Panel. I tried to enable the firewall via the run command: 'netsh firewall set opmode enable' but have no way to know if the firewall is on. May I proceed with the checklist and move on to step 6, Disable your CD Emulation Software, and step 7, Download and Run DDS, without knowing where I'm at with the firewall?

Thanks

John G



#2 gringo_pr

  • Malware Response Team

Posted 15 July 2012 - 12:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Go ahead and move on to these


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Froghammer


Posted 15 July 2012 - 09:22 PM

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 26
Java version out of Date!
Adobe Reader X (10.1.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

#4 gringo_pr

  • Malware Response Team

Posted 15 July 2012 - 09:25 PM

Greetings Froghammer


Let me have the DDS report when it is complete



gringo

#5 Froghammer


Posted 15 July 2012 - 09:50 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by John at 21:29:03 on 2012-07-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1944 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Contour Shuttle\ShuttleEngine.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Contour Shuttle\ShuttleHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: SoThink Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SoThink Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Facebook Update] "c:\documents and settings\john\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\documents and settings\john\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ChromeFrameHelper] "c:\documents and settings\john\local settings\application data\google\chrome\application\20.0.1132.57\chrome_frame_helper.exe" --startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Contour Shuttle Device Helper] c:\program files\contour shuttle\ShuttleHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wbspi] "c:\windows\system32\rundll32.exe" "c:\documents and settings\john\application data\wbspi.dll",UVAtlasPartition
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\john\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\john\startm~1\programs\startup\palmon~1.lnk - d:\mary's palm backup\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 4.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309571055328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} - hxxps://qbo.intuit.com/c36/v49.217/qboimax9.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1
TCP: Interfaces\{10C3C4C5-566A-48E2-8DDC-851204BD7EAC} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\john\local settings\application data\google\chrome\application\20.0.1132.57\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKslb6d1b6ed;MpKslb6d1b6ed;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09116350-2c3c-4ca7-80ce-4d865994ecdd}\MpKslb6d1b6ed.sys [2012-7-12 29904]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-2 54760]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2012-1-3 10384]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 332928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-14 03:46:50 -------- d-----w- c:\program files\Cobian Backup 8
2012-07-14 03:41:07 43904 -c----w- c:\windows\system32\dllcache\sbp2port.sys
2012-07-14 03:41:07 43904 ------w- c:\windows\system32\drivers\sbp2port.sys
2012-07-12 06:15:55 205072 ------w- c:\windows\system32\drivers\tmcomm.sys
2012-07-12 05:26:12 56200 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09116350-2c3c-4ca7-80ce-4d865994ecdd}\offreg.dll
2012-07-12 05:26:12 29904 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09116350-2c3c-4ca7-80ce-4d865994ecdd}\MpKslb6d1b6ed.sys
2012-07-12 05:21:46 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09116350-2c3c-4ca7-80ce-4d865994ecdd}\mpengine.dll
2012-07-12 05:18:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 04:40:23 146 ------w- c:\documents and settings\john\application data\mtcfo.dll
2012-07-12 04:38:07 146 ------w- c:\documents and settings\john\application data\plpldr.dll
2012-07-12 04:35:50 146 ------w- c:\documents and settings\john\application data\msatu.dll
2012-07-12 04:33:33 146 ------w- c:\documents and settings\john\application data\werai.dll
2012-07-12 04:26:14 -------- d-----w- c:\documents and settings\john\local settings\application data\{550E0780-CBD9-11E1-8270-B8AC6F996F26}
2012-07-12 04:26:03 146 ------w- c:\documents and settings\john\application data\winsh.dll
2012-07-12 04:23:46 146 ------w- c:\documents and settings\john\application data\nsdve.dll
2012-07-12 04:23:31 370688 ------w- c:\documents and settings\john\application data\wbspi.dll
2012-07-12 04:23:08 55808 ---h--w- c:\windows\system32\notead32.dll
2012-07-12 04:22:41 -------- d-----w- c:\documents and settings\all users\application data\F4D55EDB0000783300002175D151FC4E
2012-06-23 10:51:10 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2012-07-15 17:06:07 2071 ----a-w- c:\windows\panose.bin
2012-07-12 04:22:44 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 04:22:44 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 18:46:44 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ------w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ------w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ------w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ------w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ------w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ------w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ------w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-08 23:53:29 11881936 ------w- c:\documents and settings\john\gosetup.exe
2012-05-04 13:16:13 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:47:40.53 ===============

#6 gringo_pr

  • Malware Response Team

Posted 15 July 2012 - 09:52 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Froghammer


Posted 15 July 2012 - 09:52 PM

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/1/2011 3:58:57 PM
System Uptime: 7/11/2012 11:45:35 PM (94 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | LGA 775 | 1869/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 33.989 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 36.583 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 0.028 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP504: 7/15/2012 1:08:01 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Digital Editions
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe PageMaker 6.5
Adobe Photoshop 5.5
Adobe Reader X (10.1.1)
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AviSynth 2.5
Bonjour
BufferChm
CDDRV_Installer
Cobian Backup 8
Contour Shuttle
Copy
CustomerResearchQFolder
Debugging Tools for Windows (x86)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
Duplicate Commander 2.2
DVD Architect Studio 5.0
erLT
eSupportQFolder
Facebook Video Calling 1.2.0.159
ffdshow [rev 2583] [2009-01-05]
File Type Assistant
FileZilla Client 3.5.3
Flip Album
FlipShare
FoxTab PDF Converter
Free File Converter 2011
Google Chrome Frame
Google Talk Plugin
GoToMyPC
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
InfraRecorder
iTunes
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft RichCopy 4.0
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewBlue Titler and VideoFX for Sony Vegas MSPPS
NVIDIA Control Panel 275.36
NVIDIA Graphics Driver 275.36
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
Octoshape add-in for Adobe Flash Player
office Convert Pdf to Jpg Jpeg Tiff Free 6.4
On2 Technologies Flix Standard
Palm Desktop
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Skype Click to Call
Skype™ 5.10
SolutionCenter
Sony Noise Reduction Plug-In 2.0h
Sony Vocal Eraser
Sothink FLV Player
Sothink Video Converter
Sound Forge Audio Studio 10.0
Status
TeraCopy 2.12
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vegas Movie Studio HD Platinum 11.0
VideoToolkit01
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
7/15/2012 2:08:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/15/2012 12:50:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'ftp.intera .. gazine.org' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.
7/15/2012 12:29:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/15/2012 12:29:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/14/2012 12:29:21 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/14/2012 12:29:17 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/13/2012 12:29:14 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/13/2012 12:29:13 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/12/2012 12:20:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/12/2012 12:19:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/12/2012 1:32:20 AM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.
7/11/2012 9:39:46 AM, error: DCOM [10000] - Unable to start a DCOM Server: {E8188F4B-3769-4A7C-8A59-9C41504C0A8B}. The error: "%2" Happened while starting this command: C:\Program Files\Adobe\Adobe Photoshop CS5.1\Photoshop.exe /Automation -Embedding
7/11/2012 11:32:24 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/11/2012 11:26:14 PM, error: Service Control Manager [7034] - The GoToMyPC service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 10:57:10 AM, error: Print [6161] - The document Intuit owned by John failed to print on printer GoToMyPC Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 728700. Number of bytes printed: 524288. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\GIBS. Win32 error code returned by the print processor: 2 (0x2).
7/10/2012 11:37:29 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================

#8 gringo_pr


Posted 15 July 2012 - 10:09 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Froghammer

  • Topic Starter

Posted 16 July 2012 - 12:48 AM

The ComboFix ran fine. It did need to reload MS Recovery Console and rebooted 3 times.

I now have access to the firewall settings that were totally inaccessible before.

Bing, Yahoo and Google work fine. But I do get this warning: "Security Alert You are about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?" And the opposite, "You are about to view a secure site....." Not sure what that is. I'm not familiar with this feature.


ComboFix 12-07-14.01 - John 07/16/2012 0:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2680 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\John\Application Data\msatu.dll
c:\documents and settings\John\Application Data\mtcfo.dll
c:\documents and settings\John\Application Data\nsdve.dll
c:\documents and settings\John\Application Data\plpldr.dll
c:\documents and settings\John\Application Data\wbspi.dll
c:\documents and settings\John\Application Data\werai.dll
c:\documents and settings\John\Application Data\winsh.dll
c:\documents and settings\John\Favorites\Thumbs.db
c:\documents and settings\John\Local Settings\Application Data\{43c06d04-ecde-ea11-a1f5-1f0c9a03537b}
c:\documents and settings\John\Local Settings\Application Data\{43c06d04-ecde-ea11-a1f5-1f0c9a03537b}\@
c:\documents and settings\John\Local Settings\Application Data\{43c06d04-ecde-ea11-a1f5-1f0c9a03537b}\n
c:\documents and settings\John\Start Menu\Programs\Live Security Platinum
c:\documents and settings\John\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\documents and settings\John\WINDOWS
c:\windows\$NtUninstallKB43388$
c:\windows\$NtUninstallKB43388$\776704200
c:\windows\EventSystem.log
c:\windows\Installer\{43c06d04-ecde-ea11-a1f5-1f0c9a03537b}
c:\windows\Installer\{43c06d04-ecde-ea11-a1f5-1f0c9a03537b}\@
c:\windows\system32\AutoRun.inf
c:\windows\system32\office.exe
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 04:31 . 2012-06-18 08:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E68DE46C-B533-42CA-BC03-6503F3660EAD}\mpengine.dll
2012-07-14 03:46 . 2012-07-14 03:47 -------- d-----w- c:\program files\Cobian Backup 8
2012-07-14 03:41 . 2008-04-14 05:10 43904 -c----w- c:\windows\system32\dllcache\sbp2port.sys
2012-07-14 03:41 . 2008-04-14 05:10 43904 ------w- c:\windows\system32\drivers\sbp2port.sys
2012-07-12 06:15 . 2012-07-12 06:15 205072 ------w- c:\windows\system32\drivers\tmcomm.sys
2012-07-12 05:18 . 2012-07-12 05:19 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 04:26 . 2012-07-12 04:26 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\{550E0780-CBD9-11E1-8270-B8AC6F996F26}
2012-07-12 04:23 . 2012-07-12 04:23 55808 ---h--w- c:\windows\system32\notead32.dll
2012-07-12 04:22 . 2012-07-12 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55EDB0000783300002175D151FC4E
2012-06-27 02:32 . 2012-06-27 02:32 -------- d-----w- c:\program files\Common Files\Skype
2012-06-23 10:51 . 2012-06-23 10:51 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 04:22 . 2012-04-10 13:28 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 04:22 . 2011-07-06 03:59 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-12-22 05:11 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-09-15 12:12 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-04 17:15 1172480 ------w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ------w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 00:24 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2011-07-01 20:52 329240 ------w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2011-07-01 20:52 210968 ------w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2011-07-01 20:52 219160 ------w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 00:24 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2011-07-01 20:52 53784 ------w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2011-07-01 20:52 35864 ------w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-08-07 00:24 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 00:24 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-14 12:00 97304 ------w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 00:24 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2011-07-01 20:52 577048 ------w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2011-07-01 20:52 1933848 ------w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-07-02 19:17 275696 ------w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2011-07-02 19:17 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2009-08-07 00:23 214256 ------w- c:\windows\system32\muweb.dll
2012-05-31 17:25 . 2011-07-02 15:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2008-04-14 12:00 599040 ------w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-10-16 01:00 916992 ------w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-08 23:53 . 2012-05-08 23:51 11881936 ------w- c:\documents and settings\John\gosetup.exe
2012-05-04 13:16 . 2008-08-14 10:09 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-08-14 09:33 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-01 20:50 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"Facebook Update"="c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"ChromeFrameHelper"="c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe" [2012-07-10 96792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-26 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-26 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Contour Shuttle Device Helper"="c:\program files\Contour Shuttle\ShuttleHelper.exe" [2011-02-14 118784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Cobian Backup 8 interface"="c:\program files\Cobian Backup 8\cbInterface.exe" [2007-09-27 2425856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\John\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [N/A]
Dropbox.lnk - c:\documents and settings\John\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-4-13 299008]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
palmOne Registration.lnk - d:\mary's palm backup\register.exe [2005-9-19 2367488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2011-10-18 43520]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-1-3 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-11-13 12:53 15216 ------w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/3/2012 8:00 PM 10384]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [6/27/2008 1:39 AM 332928]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 8:28 AM 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 04:22]
.
2012-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1275210071-1177238915-1003Core.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-06 22:27]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1275210071-1177238915-1003UA.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-06 22:27]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1275210071-1177238915-1003Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 11:53]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1275210071-1177238915-1003UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 11:53]
.
2012-07-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-07-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 04:44]
.
2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{D9DD9A77-C5A2-4398-A8D2-F35609907D7B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1
DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} - hxxps://qbo.intuit.com/c36/v49.217/qboimax9.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-wbspi - c:\documents and settings\John\Application Data\wbspi.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 00:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.dll
c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cobian Backup 8\cbService.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Contour Shuttle\ShuttleEngine.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-07-16 00:21:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 05:20
.
Pre-Run: 38,784,036,864 bytes free
Post-Run: 46,580,133,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2D6410D7285CCA428A327DE166728B4C

#10 gringo_pr


Posted 16 July 2012 - 12:50 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Froghammer


Posted 16 July 2012 - 01:06 AM

00:59:03.0421 3908 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
00:59:03.0921 3908 ============================================================
00:59:03.0921 3908 Current date / time: 2012/07/16 00:59:03.0921
00:59:03.0921 3908 SystemInfo:
00:59:03.0921 3908
00:59:03.0921 3908 OS Version: 5.1.2600 ServicePack: 3.0
00:59:03.0921 3908 Product type: Workstation
00:59:03.0921 3908 ComputerName: GIBS
00:59:03.0921 3908 UserName: John
00:59:03.0921 3908 Windows directory: C:\WINDOWS
00:59:03.0921 3908 System windows directory: C:\WINDOWS
00:59:03.0921 3908 Processor architecture: Intel x86
00:59:03.0921 3908 Number of processors: 2
00:59:03.0921 3908 Page size: 0x1000
00:59:03.0921 3908 Boot type: Normal boot
00:59:03.0921 3908 ============================================================
00:59:07.0078 3908 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:59:07.0093 3908 Drive \Device\Harddisk1\DR1 - Size: 0x747165C000 (465.77 Gb), SectorSize: 0x200, Cylinders: 0xED82, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:59:17.0796 3908 Drive \Device\Harddisk2\DR4 - Size: 0xE8E1000000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x7649A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x40, Type 'W'
00:59:17.0796 3908 Drive \Device\Harddisk3\DR6 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:59:17.0812 3908 ============================================================
00:59:17.0812 3908 \Device\Harddisk0\DR0:
00:59:17.0812 3908 MBR partitions:
00:59:17.0812 3908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
00:59:17.0812 3908 \Device\Harddisk1\DR1:
00:59:17.0812 3908 MBR partitions:
00:59:17.0812 3908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A388AC3
00:59:17.0812 3908 \Device\Harddisk2\DR4:
00:59:17.0812 3908 MBR partitions:
00:59:17.0812 3908 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
00:59:17.0812 3908 \Device\Harddisk3\DR6:
00:59:17.0828 3908 MBR partitions:
00:59:17.0828 3908 \Device\Harddisk3\DR6\Partition0: MBR, Type 0x6, StartLBA 0x89, BlocksNum 0x3A9F77
00:59:17.0828 3908 ============================================================
00:59:17.0859 3908 D: <-> \Device\Harddisk1\DR1\Partition0
00:59:17.0859 3908 C: <-> \Device\Harddisk0\DR0\Partition0
00:59:17.0890 3908 F: <-> \Device\Harddisk2\DR4\Partition0
00:59:17.0890 3908 ============================================================
00:59:17.0890 3908 Initialize success
00:59:17.0890 3908 ============================================================
00:59:48.0656 1624 ============================================================
00:59:48.0656 1624 Scan started
00:59:48.0656 1624 Mode: Manual;
00:59:48.0656 1624 ============================================================
00:59:49.0187 1624 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
00:59:49.0203 1624 61883 - ok
00:59:49.0203 1624 Abiosdsk - ok
00:59:49.0203 1624 abp480n5 - ok
00:59:49.0234 1624 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:59:49.0234 1624 ACPI - ok
00:59:49.0265 1624 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:59:49.0265 1624 ACPIEC - ok
00:59:49.0343 1624 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:59:49.0375 1624 AdobeFlashPlayerUpdateSvc - ok
00:59:49.0375 1624 adpu160m - ok
00:59:49.0421 1624 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:59:49.0421 1624 aec - ok
00:59:49.0453 1624 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:59:49.0453 1624 AFD - ok
00:59:49.0453 1624 Aha154x - ok
00:59:49.0453 1624 aic78u2 - ok
00:59:49.0468 1624 aic78xx - ok
00:59:49.0500 1624 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:59:49.0500 1624 Alerter - ok
00:59:49.0515 1624 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:59:49.0515 1624 ALG - ok
00:59:49.0515 1624 AliIde - ok
00:59:49.0515 1624 amsint - ok
00:59:49.0609 1624 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:59:49.0609 1624 Apple Mobile Device - ok
00:59:49.0640 1624 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:59:49.0640 1624 AppMgmt - ok
00:59:49.0656 1624 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:59:49.0656 1624 Arp1394 - ok
00:59:49.0656 1624 asc - ok
00:59:49.0656 1624 asc3350p - ok
00:59:49.0656 1624 asc3550 - ok
00:59:49.0750 1624 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:59:49.0750 1624 aspnet_state - ok
00:59:49.0765 1624 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:59:49.0765 1624 AsyncMac - ok
00:59:49.0781 1624 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:59:49.0796 1624 atapi - ok
00:59:49.0796 1624 Atdisk - ok
00:59:49.0812 1624 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:59:49.0812 1624 Atmarpc - ok
00:59:49.0843 1624 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:59:49.0843 1624 AudioSrv - ok
00:59:49.0875 1624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:59:49.0875 1624 audstub - ok
00:59:49.0890 1624 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
00:59:49.0890 1624 Avc - ok
00:59:49.0906 1624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:59:49.0906 1624 Beep - ok
00:59:49.0953 1624 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:59:49.0953 1624 BITS - ok
00:59:50.0000 1624 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:59:50.0046 1624 Bonjour Service - ok
00:59:50.0062 1624 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:59:50.0062 1624 Browser - ok
00:59:50.0062 1624 catchme - ok
00:59:50.0093 1624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:59:50.0093 1624 cbidf2k - ok
00:59:50.0109 1624 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:59:50.0109 1624 CCDECODE - ok
00:59:50.0109 1624 cd20xrnt - ok
00:59:50.0140 1624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:59:50.0140 1624 Cdaudio - ok
00:59:50.0140 1624 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:59:50.0140 1624 Cdfs - ok
00:59:50.0156 1624 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:59:50.0156 1624 Cdrom - ok
00:59:50.0156 1624 Changer - ok
00:59:50.0171 1624 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:59:50.0171 1624 CiSvc - ok
00:59:50.0187 1624 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:59:50.0187 1624 ClipSrv - ok
00:59:50.0250 1624 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:59:50.0250 1624 clr_optimization_v2.0.50727_32 - ok
00:59:50.0312 1624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:59:50.0312 1624 clr_optimization_v4.0.30319_32 - ok
00:59:50.0312 1624 CmdIde - ok
00:59:50.0390 1624 CobBMService (c75fb47dd2857b6d8a994f7f993069af) C:\Program Files\Cobian Backup 8\cbService.exe
00:59:50.0437 1624 CobBMService - ok
00:59:50.0437 1624 COMSysApp - ok
00:59:50.0453 1624 Cpqarray - ok
00:59:50.0468 1624 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:59:50.0468 1624 CryptSvc - ok
00:59:50.0468 1624 dac2w2k - ok
00:59:50.0468 1624 dac960nt - ok
00:59:50.0515 1624 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:59:50.0515 1624 DcomLaunch - ok
00:59:50.0531 1624 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:59:50.0531 1624 Dhcp - ok
00:59:50.0546 1624 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:59:50.0546 1624 Disk - ok
00:59:50.0546 1624 dmadmin - ok
00:59:50.0593 1624 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:59:50.0625 1624 dmboot - ok
00:59:50.0640 1624 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:59:50.0640 1624 dmio - ok
00:59:50.0640 1624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:59:50.0640 1624 dmload - ok
00:59:50.0656 1624 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:59:50.0656 1624 dmserver - ok
00:59:50.0671 1624 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:59:50.0671 1624 DMusic - ok
00:59:50.0703 1624 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:59:50.0703 1624 Dnscache - ok
00:59:50.0734 1624 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:59:50.0734 1624 Dot3svc - ok
00:59:50.0734 1624 dpti2o - ok
00:59:50.0765 1624 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:59:50.0765 1624 drmkaud - ok
00:59:50.0796 1624 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:59:50.0796 1624 EapHost - ok
00:59:50.0812 1624 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:59:50.0812 1624 ERSvc - ok
00:59:50.0843 1624 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:59:50.0843 1624 Eventlog - ok
00:59:50.0859 1624 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:59:50.0859 1624 EventSystem - ok
00:59:50.0875 1624 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:59:50.0875 1624 Fastfat - ok
00:59:50.0906 1624 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:59:50.0906 1624 FastUserSwitchingCompatibility - ok
00:59:50.0937 1624 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:59:50.0937 1624 Fdc - ok
00:59:50.0968 1624 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:59:50.0968 1624 Fips - ok
00:59:51.0046 1624 FlipShare Service (53f6c0dd5f36141385668d9341e1acaa) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
00:59:51.0062 1624 FlipShare Service - ok
00:59:51.0093 1624 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:59:51.0093 1624 Flpydisk - ok
00:59:51.0109 1624 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:59:51.0109 1624 FltMgr - ok
00:59:51.0187 1624 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:59:51.0187 1624 FontCache3.0.0.0 - ok
00:59:51.0218 1624 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
00:59:51.0218 1624 fssfltr - ok
00:59:51.0296 1624 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:59:51.0312 1624 fsssvc - ok
00:59:51.0343 1624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:59:51.0343 1624 Fs_Rec - ok
00:59:51.0343 1624 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:59:51.0343 1624 Ftdisk - ok
00:59:51.0375 1624 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:59:51.0375 1624 GEARAspiWDM - ok
00:59:51.0468 1624 GoToMyPC (0b53f4306e17025e7685d18c3a77127e) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
00:59:51.0515 1624 GoToMyPC - ok
00:59:51.0515 1624 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:59:51.0515 1624 Gpc - ok
00:59:51.0546 1624 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:59:51.0546 1624 HDAudBus - ok
00:59:51.0578 1624 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:59:51.0578 1624 helpsvc - ok
00:59:51.0593 1624 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
00:59:51.0593 1624 HidServ - ok
00:59:51.0609 1624 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:59:51.0609 1624 HidUsb - ok
00:59:51.0625 1624 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:59:51.0625 1624 hkmsvc - ok
00:59:51.0640 1624 hpn - ok
00:59:51.0687 1624 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:59:51.0734 1624 hpqcxs08 - ok
00:59:51.0750 1624 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:59:51.0750 1624 hpqddsvc - ok
00:59:51.0765 1624 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:59:51.0765 1624 HPZid412 - ok
00:59:51.0781 1624 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:59:51.0781 1624 HPZipr12 - ok
00:59:51.0781 1624 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:59:51.0781 1624 HPZius12 - ok
00:59:51.0812 1624 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:59:51.0859 1624 HTTP - ok
00:59:51.0890 1624 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:59:51.0890 1624 HTTPFilter - ok
00:59:51.0890 1624 i2omgmt - ok
00:59:51.0890 1624 i2omp - ok
00:59:51.0921 1624 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:59:51.0921 1624 i8042prt - ok
00:59:52.0000 1624 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:59:52.0062 1624 idsvc - ok
00:59:52.0078 1624 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:59:52.0078 1624 Imapi - ok
00:59:52.0109 1624 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:59:52.0109 1624 ImapiService - ok
00:59:52.0109 1624 ini910u - ok
00:59:52.0296 1624 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:59:52.0328 1624 IntcAzAudAddService - ok
00:59:52.0390 1624 IntelIde - ok
00:59:52.0421 1624 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:59:52.0421 1624 intelppm - ok
00:59:52.0437 1624 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:59:52.0437 1624 Ip6Fw - ok
00:59:52.0453 1624 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:59:52.0453 1624 IpFilterDriver - ok
00:59:52.0453 1624 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:59:52.0453 1624 IpInIp - ok
00:59:52.0484 1624 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:59:52.0484 1624 IpNat - ok
00:59:52.0546 1624 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
00:59:52.0578 1624 iPod Service - ok
00:59:52.0593 1624 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:59:52.0593 1624 IPSec - ok
00:59:52.0609 1624 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:59:52.0609 1624 IRENUM - ok
00:59:52.0640 1624 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:59:52.0640 1624 isapnp - ok
00:59:52.0687 1624 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
00:59:52.0703 1624 JavaQuickStarterService - ok
00:59:52.0718 1624 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:59:52.0718 1624 Kbdclass - ok
00:59:52.0750 1624 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:59:52.0750 1624 kbdhid - ok
00:59:52.0781 1624 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:59:52.0796 1624 kmixer - ok
00:59:52.0812 1624 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:59:52.0812 1624 KSecDD - ok
00:59:52.0843 1624 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
00:59:52.0843 1624 L8042Kbd - ok
00:59:52.0859 1624 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:59:52.0859 1624 LanmanServer - ok
00:59:52.0906 1624 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:59:52.0906 1624 lanmanworkstation - ok
00:59:52.0937 1624 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
00:59:52.0937 1624 LBeepKE - ok
00:59:52.0937 1624 lbrtfdc - ok
00:59:53.0000 1624 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
00:59:53.0000 1624 LBTServ - ok
00:59:53.0015 1624 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
00:59:53.0015 1624 LHidFilt - ok
00:59:53.0046 1624 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:59:53.0046 1624 LmHosts - ok
00:59:53.0062 1624 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:59:53.0062 1624 Messenger - ok
00:59:53.0109 1624 Microsoft SharePoint Workspace Audit Service - ok
00:59:53.0125 1624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:59:53.0125 1624 mnmdd - ok
00:59:53.0156 1624 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:59:53.0156 1624 mnmsrvc - ok
00:59:53.0171 1624 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:59:53.0171 1624 Modem - ok
00:59:59.0656 1624 ============================================================
00:59:59.0656 1624 Scan finished
00:59:59.0656 1624 ============================================================
00:59:59.0671 1476 Detected object count: 0
00:59:59.0671 1476 Actual detected object count: 0
01:04:09.0031 4936 ============================================================
01:04:09.0031 4936 Scan started
01:04:09.0031 4936 Mode: Manual; TDLFS;
01:04:09.0031 4936 ============================================================
01:04:12.0328 4936 JavaQuickStarterService - ok
01:04:12.0359 4936 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:04:12.0359 4936 Kbdclass - ok
01:04:12.0390 4936 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:04:12.0390 4936 kbdhid - ok
01:04:12.0421 4936 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:04:12.0421 4936 kmixer - ok
01:04:12.0437 4936 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:04:12.0437 4936 KSecDD - ok
01:04:12.0468 4936 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
01:04:12.0468 4936 L8042Kbd - ok
01:04:12.0500 4936 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:04:12.0500 4936 LanmanServer - ok
01:04:12.0531 4936 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:04:12.0531 4936 lanmanworkstation - ok
01:04:12.0562 4936 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
01:04:12.0562 4936 LBeepKE - ok
01:04:12.0562 4936 lbrtfdc - ok
01:04:12.0625 4936 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
01:04:12.0625 4936 LBTServ - ok
01:04:12.0640 4936 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
01:04:12.0640 4936 LHidFilt - ok
01:04:12.0656 4936 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:04:12.0671 4936 LmHosts - ok
01:04:12.0687 4936 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:04:12.0687 4936 Messenger - ok
01:04:12.0718 4936 Microsoft SharePoint Workspace Audit Service - ok
01:04:12.0750 4936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:04:12.0750 4936 mnmdd - ok
01:04:12.0781 4936 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:04:12.0781 4936 mnmsrvc - ok
01:04:12.0796 4936 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:04:12.0796 4936 Modem - ok
01:04:12.0812 4936 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:04:12.0828 4936 Mouclass - ok
01:04:12.0828 4936 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:04:12.0828 4936 mouhid - ok
01:04:12.0843 4936 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:04:12.0843 4936 MountMgr - ok
01:04:12.0890 4936 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
01:04:12.0890 4936 MpFilter - ok
01:04:13.0000 4936 MpKsl4bf027ad (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1331F873-C0F1-40AB-AF6F-A7D7FC8C3B8C}\MpKsl4bf027ad.sys
01:04:13.0000 4936 MpKsl4bf027ad - ok
01:04:13.0000 4936 mraid35x - ok
01:04:13.0031 4936 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:04:13.0031 4936 MRxDAV - ok
01:04:13.0062 4936 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:04:13.0062 4936 MRxSmb - ok
01:04:13.0093 4936 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:04:13.0093 4936 MSDTC - ok
01:04:13.0125 4936 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
01:04:13.0125 4936 MSDV - ok
01:04:13.0140 4936 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:04:13.0140 4936 Msfs - ok
01:04:13.0140 4936 MSIServer - ok
01:04:13.0187 4936 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:04:13.0187 4936 MSKSSRV - ok
01:04:13.0218 4936 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
01:04:13.0218 4936 MsMpSvc - ok
01:04:13.0234 4936 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:04:13.0234 4936 MSPCLOCK - ok
01:04:13.0250 4936 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:04:13.0250 4936 MSPQM - ok
01:04:13.0281 4936 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:04:13.0281 4936 mssmbios - ok
01:04:13.0296 4936 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:04:13.0296 4936 MSTEE - ok
01:04:13.0328 4936 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:04:13.0328 4936 Mup - ok
01:04:13.0359 4936 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:04:13.0359 4936 NABTSFEC - ok
01:04:13.0390 4936 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:04:13.0390 4936 napagent - ok
01:04:13.0390 4936 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:04:13.0390 4936 NDIS - ok
01:04:13.0437 4936 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:04:13.0437 4936 NdisIP - ok
01:04:13.0453 4936 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:04:13.0453 4936 NdisTapi - ok
01:04:13.0468 4936 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:04:13.0468 4936 Ndisuio - ok
01:04:13.0484 4936 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:04:13.0484 4936 NdisWan - ok
01:04:13.0500 4936 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:04:13.0500 4936 NDProxy - ok
01:04:13.0531 4936 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
01:04:13.0531 4936 Net Driver HPZ12 - ok
01:04:13.0531 4936 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:04:13.0531 4936 NetBIOS - ok
01:04:13.0578 4936 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:04:13.0578 4936 NetBT - ok
01:04:13.0593 4936 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:04:13.0593 4936 NetDDE - ok
01:04:13.0593 4936 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:04:13.0593 4936 NetDDEdsdm - ok
01:04:13.0609 4936 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:04:13.0609 4936 Netlogon - ok
01:04:13.0640 4936 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:04:13.0640 4936 Netman - ok
01:04:13.0750 4936 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:04:13.0750 4936 NetTcpPortSharing - ok
01:04:13.0765 4936 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:04:13.0765 4936 NIC1394 - ok
01:04:13.0796 4936 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:04:13.0796 4936 Nla - ok
01:04:13.0796 4936 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:04:13.0812 4936 Npfs - ok
01:04:13.0843 4936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:04:13.0843 4936 Ntfs - ok
01:04:13.0859 4936 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:04:13.0859 4936 NtLmSsp - ok
01:04:13.0890 4936 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:04:13.0890 4936 NtmsSvc - ok
01:04:13.0906 4936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:04:13.0906 4936 Null - ok
01:04:14.0375 4936 nv (8a88deebf20eb28e21b0081b7604da8f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:04:14.0468 4936 nv - ok
01:04:14.0531 4936 NVSvc (d0d6e4231eed476ecd4f57c02ca71979) C:\WINDOWS\system32\nvsvc32.exe
01:04:14.0531 4936 NVSvc - ok
01:04:14.0562 4936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:04:14.0562 4936 NwlnkFlt - ok
01:04:14.0578 4936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:04:14.0578 4936 NwlnkFwd - ok
01:04:14.0593 4936 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:04:14.0593 4936 ohci1394 - ok
01:04:14.0640 4936 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:04:14.0640 4936 ose - ok
01:04:14.0890 4936 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:04:14.0921 4936 osppsvc - ok
01:04:14.0968 4936 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
01:04:14.0984 4936 Parport - ok
01:04:14.0984 4936 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:04:14.0984 4936 PartMgr - ok
01:04:15.0015 4936 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:04:15.0015 4936 ParVdm - ok
01:04:15.0031 4936 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:04:15.0031 4936 PCI - ok
01:04:15.0031 4936 PCIDump - ok
01:04:15.0046 4936 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:04:15.0046 4936 PCIIde - ok
01:04:15.0046 4936 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:04:15.0046 4936 Pcmcia - ok
01:04:15.0046 4936 PDCOMP - ok
01:04:15.0062 4936 PDFRAME - ok
01:04:15.0062 4936 PDRELI - ok
01:04:15.0062 4936 PDRFRAME - ok
01:04:15.0062 4936 perc2 - ok
01:04:15.0078 4936 perc2hib - ok
01:04:15.0109 4936 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:04:15.0109 4936 PlugPlay - ok
01:04:15.0109 4936 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
01:04:15.0109 4936 Pml Driver HPZ12 - ok
01:04:15.0125 4936 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:04:15.0125 4936 PolicyAgent - ok
01:04:15.0156 4936 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:04:15.0156 4936 PptpMiniport - ok
01:04:15.0156 4936 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:04:15.0156 4936 ProtectedStorage - ok
01:04:15.0156 4936 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:04:15.0156 4936 PSched - ok
01:04:15.0203 4936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:04:15.0203 4936 Ptilink - ok
01:04:15.0203 4936 ql1080 - ok
01:04:15.0203 4936 Ql10wnt - ok
01:04:15.0218 4936 ql12160 - ok
01:04:15.0218 4936 ql1240 - ok
01:04:15.0218 4936 ql1280 - ok
01:04:15.0234 4936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:04:15.0234 4936 RasAcd - ok
01:04:15.0250 4936 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:04:15.0265 4936 RasAuto - ok
01:04:15.0281 4936 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:04:15.0281 4936 Rasl2tp - ok
01:04:15.0296 4936 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:04:15.0296 4936 RasMan - ok
01:04:15.0312 4936 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:04:15.0312 4936 RasPppoe - ok
01:04:15.0312 4936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:04:15.0312 4936 Raspti - ok
01:04:15.0343 4936 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:04:15.0343 4936 Rdbss - ok
01:04:15.0359 4936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:04:15.0359 4936 RDPCDD - ok
01:04:15.0390 4936 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:04:15.0390 4936 rdpdr - ok
01:04:15.0421 4936 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
01:04:15.0421 4936 RDPWD - ok
01:04:15.0468 4936 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:04:15.0468 4936 RDSessMgr - ok
01:04:15.0468 4936 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:04:15.0484 4936 redbook - ok
01:04:15.0500 4936 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:04:15.0500 4936 RemoteAccess - ok
01:04:15.0515 4936 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
01:04:15.0515 4936 RemoteRegistry - ok
01:04:15.0531 4936 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
01:04:15.0531 4936 RpcLocator - ok
01:04:15.0562 4936 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
01:04:15.0562 4936 RpcSs - ok
01:04:15.0593 4936 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
01:04:15.0593 4936 RSVP - ok
01:04:15.0640 4936 RTLWUSB (5a850259b849a899990379a75460a4eb) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
01:04:15.0640 4936 RTLWUSB - ok
01:04:15.0671 4936 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:04:15.0671 4936 SamSs - ok
01:04:15.0703 4936 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
01:04:15.0703 4936 sbp2port - ok
01:04:15.0718 4936 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:04:15.0734 4936 SCardSvr - ok
01:04:15.0750 4936 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:04:15.0750 4936 Schedule - ok
01:04:15.0765 4936 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:04:15.0765 4936 Secdrv - ok
01:04:15.0781 4936 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:04:15.0781 4936 seclogon - ok
01:04:15.0796 4936 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:04:15.0796 4936 SENS - ok
01:04:15.0812 4936 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:04:15.0812 4936 serenum - ok
01:04:15.0812 4936 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:04:15.0812 4936 Serial - ok
01:04:15.0828 4936 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:04:15.0828 4936 Sfloppy - ok
01:04:15.0875 4936 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:04:15.0875 4936 SharedAccess - ok
01:04:15.0906 4936 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:04:15.0906 4936 ShellHWDetection - ok
01:04:15.0953 4936 ShuttleEngine (a61e919f62ee4ff74195422d208abc15) C:\Program Files\Contour Shuttle\ShuttleEngine.exe
01:04:15.0953 4936 ShuttleEngine - ok
01:04:15.0953 4936 Simbad - ok
01:04:16.0140 4936 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
01:04:16.0156 4936 Skype C2C Service - ok
01:04:16.0218 4936 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
01:04:16.0218 4936 SkypeUpdate - ok
01:04:16.0296 4936 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:04:16.0296 4936 SLIP - ok
01:04:16.0312 4936 Sparrow - ok
01:04:16.0343 4936 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:04:16.0343 4936 splitter - ok
01:04:16.0375 4936 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:04:16.0375 4936 Spooler - ok
01:04:16.0406 4936 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:04:16.0406 4936 sr - ok
01:04:16.0421 4936 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:04:16.0421 4936 srservice - ok
01:04:16.0437 4936 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:04:16.0453 4936 Srv - ok
01:04:16.0468 4936 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:04:16.0468 4936 SSDPSRV - ok
01:04:16.0515 4936 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:04:16.0515 4936 stisvc - ok
01:04:16.0531 4936 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:04:16.0531 4936 streamip - ok
01:04:16.0546 4936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:04:16.0546 4936 swenum - ok
01:04:16.0578 4936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:04:16.0593 4936 swmidi - ok
01:04:16.0593 4936 SwPrv - ok
01:04:16.0593 4936 symc810 - ok
01:04:16.0593 4936 symc8xx - ok
01:04:16.0593 4936 sym_hi - ok
01:04:16.0609 4936 sym_u3 - ok
01:04:16.0625 4936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:04:16.0625 4936 sysaudio - ok
01:04:16.0640 4936 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:04:16.0640 4936 SysmonLog - ok
01:04:16.0671 4936 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:04:16.0671 4936 TapiSrv - ok
01:04:16.0687 4936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:04:16.0687 4936 Tcpip - ok
01:04:16.0718 4936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:04:16.0718 4936 TDPIPE - ok
01:04:16.0734 4936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:04:16.0734 4936 TDTCP - ok
01:04:16.0765 4936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:04:16.0765 4936 TermDD - ok
01:04:16.0796 4936 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:04:16.0796 4936 TermService - ok
01:04:16.0828 4936 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:04:16.0843 4936 Themes - ok
01:04:16.0859 4936 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
01:04:16.0859 4936 TlntSvr - ok
01:04:16.0859 4936 TosIde - ok
01:04:16.0890 4936 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:04:16.0890 4936 TrkWks - ok
01:04:16.0906 4936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:04:16.0906 4936 Udfs - ok
01:04:16.0906 4936 ultra - ok
01:04:16.0937 4936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:04:16.0937 4936 Update - ok
01:04:16.0968 4936 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:04:16.0984 4936 upnphost - ok
01:04:17.0000 4936 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:04:17.0000 4936 UPS - ok
01:04:17.0015 4936 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:04:17.0015 4936 USBAAPL - ok
01:04:17.0046 4936 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:04:17.0046 4936 usbaudio - ok
01:04:17.0078 4936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:04:17.0078 4936 usbccgp - ok
01:04:17.0109 4936 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:04:17.0109 4936 usbehci - ok
01:04:17.0125 4936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:04:17.0125 4936 usbhub - ok
01:04:17.0125 4936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:04:17.0125 4936 usbprint - ok
01:04:17.0156 4936 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:04:17.0156 4936 usbscan - ok
01:04:17.0156 4936 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:04:17.0156 4936 USBSTOR - ok
01:04:17.0187 4936 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:04:17.0187 4936 usbuhci - ok
01:04:17.0203 4936 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
01:04:17.0203 4936 usbvideo - ok
01:04:17.0203 4936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:04:17.0203 4936 VgaSave - ok
01:04:17.0218 4936 ViaIde - ok
01:04:17.0250 4936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:04:17.0250 4936 VolSnap - ok
01:04:17.0265 4936 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:04:17.0265 4936 VSS - ok
01:04:17.0281 4936 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:04:17.0296 4936 W32Time - ok
01:04:17.0296 4936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:04:17.0296 4936 Wanarp - ok
01:04:17.0343 4936 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:04:17.0359 4936 Wdf01000 - ok
01:04:17.0359 4936 WDICA - ok
01:04:17.0375 4936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:04:17.0375 4936 wdmaud - ok
01:04:17.0390 4936 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:04:17.0390 4936 WebClient - ok
01:04:17.0453 4936 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:04:17.0453 4936 winmgmt - ok
01:04:17.0484 4936 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
01:04:17.0484 4936 WmdmPmSN - ok
01:04:17.0531 4936 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
01:04:17.0531 4936 Wmi - ok
01:04:17.0578 4936 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:04:17.0578 4936 WmiApSrv - ok
01:04:17.0703 4936 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
01:04:17.0703 4936 WMPNetworkSvc - ok
01:04:17.0828 4936 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:04:17.0828 4936 WPFFontCache_v0400 - ok
01:04:17.0906 4936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:04:17.0906 4936 WS2IFSL - ok
01:04:17.0921 4936 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:04:17.0921 4936 wscsvc - ok
01:04:17.0921 4936 WSearch - ok
01:04:17.0953 4936 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:04:17.0953 4936 WSTCODEC - ok
01:04:17.0984 4936 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:04:17.0984 4936 wuauserv - ok
01:04:18.0015 4936 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:04:18.0015 4936 WudfPf - ok
01:04:18.0015 4936 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:04:18.0031 4936 WudfRd - ok
01:04:18.0031 4936 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:04:18.0046 4936 WudfSvc - ok
01:04:18.0078 4936 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:04:18.0078 4936 WZCSVC - ok
01:04:18.0109 4936 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:04:18.0125 4936 xmlprov - ok
01:04:18.0125 4936 yksvc - ok
01:04:18.0156 4936 yukonwxp (f364e873c0f30e874aa4b1c919016af6) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
01:04:18.0156 4936 yukonwxp - ok
01:04:18.0187 4936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:04:18.0671 4936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:04:18.0671 4936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:04:18.0671 4936 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
01:04:18.0734 4936 \Device\Harddisk1\DR1 - ok
01:04:18.0750 4936 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
01:04:19.0156 4936 \Device\Harddisk2\DR4 - ok
01:04:19.0187 4936 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
01:04:20.0093 4936 \Device\Harddisk3\DR6 - ok
01:04:20.0093 4936 Boot (0x1200) (ec34ef85aec97e095ddbd50468bb2879) \Device\Harddisk0\DR0\Partition0
01:04:20.0093 4936 \Device\Harddisk0\DR0\Partition0 - ok
01:04:20.0093 4936 Boot (0x1200) (0424c09fd818e18a52f7f0db5cc63286) \Device\Harddisk1\DR1\Partition0
01:04:20.0093 4936 \Device\Harddisk1\DR1\Partition0 - ok
01:04:20.0109 4936 Boot (0x1200) (5b539bacac0c41655f3b9c4b157383f1) \Device\Harddisk2\DR4\Partition0
01:04:20.0109 4936 \Device\Harddisk2\DR4\Partition0 - ok
01:04:20.0109 4936 Boot (0x1200) (7214a3f7055c2ff351363fa454585b7f) \Device\Harddisk3\DR6\Partition0
01:04:20.0125 4936 \Device\Harddisk3\DR6\Partition0 - ok
01:04:20.0125 4936 ============================================================
01:04:20.0125 4936 Scan finished
01:04:20.0125 4936 ============================================================
01:04:20.0125 5208 Detected object count: 1
01:04:20.0125 5208 Actual detected object count: 1
01:04:31.0796 5208 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:04:31.0796 5208 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#12 gringo_pr

Posted 16 July 2012 - 01:17 AM

Greetings

Let me have the aswMBR report when it is ready. That notification is normal and should have a checkmark to not show me this again.



gringo

#13 Froghammer

Posted 16 July 2012 - 01:22 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 01:06:58
-----------------------------
01:06:58.062 OS Version: Windows 5.1.2600 Service Pack 3
01:06:58.062 Number of processors: 2 586 0xF02
01:06:58.062 ComputerName: GIBS UserName: John
01:06:58.781 Initialize success
01:16:20.546 AVAST engine defs: 12071501
01:16:54.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9
01:16:54.500 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
01:16:54.500 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-14
01:16:54.500 Disk 1 Vendor: External_Disk_0 RGL10364 Size: 476950MB BusType: 3
01:16:54.515 Disk 2 \Device\Harddisk2\DR4 -> \Device\Sbp2\WD&My Book&1&0090a995_0060fafa_Instance00
01:16:54.515 Disk 2 Vendor: WD______ 104a Size: 953872MB BusType: 4
01:16:54.531 Disk 0 MBR read successfully
01:16:54.531 Disk 0 MBR scan
01:16:54.546 Disk 0 Windows XP default MBR code
01:16:54.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
01:16:54.546 Disk 0 scanning sectors +488376000
01:16:54.609 Disk 0 scanning C:\WINDOWS\system32\drivers
01:16:59.375 Service scanning
01:17:06.812 Service MpKsl4bf027ad C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1331F873-C0F1-40AB-AF6F-A7D7FC8C3B8C}\MpKsl4bf027ad.sys **LOCKED** 32
01:17:14.734 Modules scanning
01:17:22.328 Disk 0 trace - called modules:
01:17:22.359 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
01:17:22.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac05ab8]
01:17:22.359 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-9[0x8ac30b00]
01:17:23.140 AVAST engine scan C:\WINDOWS
01:17:36.875 AVAST engine scan C:\WINDOWS\system32
01:20:02.968 AVAST engine scan C:\WINDOWS\system32\drivers
01:20:17.437 AVAST engine scan C:\Documents and Settings\John
01:21:20.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John\Desktop\Virus removal reports\MBR.dat"
01:21:20.109 The log file has been saved successfully to "C:\Documents and Settings\John\Desktop\Virus removal reports\aswMBR.txt"

#14 gringo_pr

Posted 16 July 2012 - 01:40 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

File::
c:\windows\system32\notead32.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Froghammer

Posted 16 July 2012 - 01:41 AM

So sorry, the report above is incomplete. I mistakenly thought aswMBR was done scanning. Stand by.....



