Constant High CPU usage XP SP3


  • This topic is locked
30 replies to this topic

#1 Jayman007

  • Members
  • 18 posts

Posted 18 December 2012 - 11:57 PM

I find that my CPU usage is high nearly all the time. I'm not sure of the root cause, but I have tried disabling as many non-essentials as I can. I have been through the "slow PC/browser" section and it hasn't seemed to help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Jay at 11:48:15 on 2012-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1187 [GMT 7:00]
.
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Java\jre1.7.0_09\bin\jqs.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRAM FILES\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
C:\PROGRAM FILES\LAUNCHY\LAUNCHY.EXE
C:\PROGRAM FILES\ZENTIMO\ZENTIMO.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
C:\PROGRAM FILES\BASTA COMPUTING\HORAS\HORAS.EXE
C:\PROGRAM FILES\GLOBE SOFTWARE\STATBAR\STATBAR.EXE
C:\PROGRAM FILES\NOTE MANIA\NOTEMANIA.EXE
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\XYplorer\XYplorer.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Documents and Settings\Jay\Desktop\Security Tools\serviwin\serviwin.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jay\Desktop\Security Tools\DTaskManager\DTaskManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = localhost; 127.0.0.1; <local>;192.168.1.1/32
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.7.0_09\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.7.0_09\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\program files\textaloud\TAForIE.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
uRun: [StartupMonitor] c:\windows\StartupMonitor.exe
uRun: [pgaccount] c:\program files\processguard\pgaccount.exe
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [SimpleShare] <no file>
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [TaskTray] <no file>
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &NeoTrace It! - c:\progra~1\neotracepro\NTXcontext.htm
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Power Favorites - c:\program files\desksware\power favorites\copyurl.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: LastPass - c:\documents and settings\jay\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\jay\local settings\application data\lastpass\context.html?cmd=fillforms
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre1.7.0_09\bin\jp2iexp.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355784148156
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347349833640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{97548639-8577-4ED5-8B24-34500B5EA2BB} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{97548639-8577-4ED5-8B24-34500B5EA2BB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3E674A5-B19F-440B-B309-579EAB421B0D} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E6C50908-72A7-4C6C-A37F-3E492BFA656B} : NameServer = 8.26.56.26,156.154.70.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - c:\program files\common files\wildpackets\peekrexpert.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - <no file>
Notify: KeyScrambler - KeyScramblerLogon.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: EldosMountNotificator-cbfs4 - {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
IFEO: TaskMgr.exe - c:\documents and settings\jay\desktop\security tools\dtaskmanager\DTaskManager.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.1 router
Hosts: 192.168.1.8 nmt
Hosts: 192.168.1.7 dbthai
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=302ab3c600000000000000ff8c36833d
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=108976&babsrc=adbartrp&mntrId=302ab3c600000000000000ff8c36833d&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jay\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\jay\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jay\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\jay\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\jay\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
//Firefox Tweaks Added By Internet Cell Boost
FF - user.js: network.http.max-connections - 25
FF - user.js: network.http.max-connections-per-server - 10
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 10
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: content.notify.backoffcount - 5
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: plugin.expose_full_path - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000);user_pref(yahoo.homepage.dontask, true
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 21512]
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2012-3-5 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2012-3-5 39440]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-2-21 30820]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-9-16 57312]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-6 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-6-25 911680]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-3-12 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-3-12 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-3-12 11776]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2011-12-1 25248]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-7-24 81720]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [2012-12-17 314376]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-11-7 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-7 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-7 32640]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2012-4-10 28184]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-6-11 29768]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-24 112480]
R1 ProtectorDriver;ZeroVulnerabilityLabs ExploitShield;c:\program files\zerovulnerabilitylabs\exploitshield\ExploitShield.sys [2012-9-28 44472]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-11-22 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-11-22 41936]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/11 23:01:39];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-3-12 3089320]
R2 AKEProtect;AKEProtect;c:\program files\anti keylogger elite\AKEProtect.sys [2007-12-17 13351]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-16 70352]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-11-7 1990464]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-4 21992]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\processguard\DCSUserProt.exe [2010-4-30 31744]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-7-10 38144]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [2009-4-7 12416]
R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [2008-11-21 21888]
R2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2011-12-15 36864]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-9-18 197128]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-9-18 69640]
R2 PDFSfilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2010-4-30 26688]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2012-10-1 3712]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-18 3463080]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-8-20 66944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]
R2 ZentimoService;Zentimo Assistant;c:\program files\zentimo\ZentimoService.exe [2010-11-3 262800]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-3-12 54072]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-25 173880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-19 40776]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-7-26 6609920]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2007-2-21 35107]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-10-29 26448]
R3 ZRTP;ZRTP Service;c:\windows\system32\drivers\zrtp.sys [2009-3-22 1052768]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82x64.sys --> c:\windows\system32\drivers\CSN5PDTS82x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-12-17 1868432]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-10 814344]
S3 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-10-26 37280]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-6-25 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-6-25 2480048]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-5 111896]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 25864]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2011-10-28 2428968]
S3 CommIpw;[CommView] Intel® PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [2008-10-27 238080]
S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [2008-10-27 91392]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-1 66112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2000-9-19 3584]
S3 DrvSnSht;DrvSnSht;c:\program files\r-drive image\DrvSnSht.sys [2008-11-1 94608]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-11 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-11 8456]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-10-29 52944]
S3 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2010-3-24 686360]
S3 Ext2Mgr;Ext2 Volume Manger;c:\program files\ext2fsd\ext2mgr.exe -service -hide --> c:\program files\ext2fsd\Ext2Mgr.exe -service -hide [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-19 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-9 59648]
S3 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2008-5-1 200704]
S3 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\google\update\GoogleUpdate.exe [2009-10-16 133104]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 kguard;kguard;\??\c:\program files\firelion softwares\anti keyloggers\kguard.sys --> c:\program files\firelion softwares\anti keyloggers\kguard.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 22856]
S3 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-17 399432]
S3 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-3 676936]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-16 35088]
S3 Omni-NFS Server;Omni-NFS Server;c:\program files\nfserver\nfsd.exe [2007-7-25 237626]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eeye digital security\retina wireless scanner\PCANDIS5_WIFISCAN.SYS [2009-6-3 22131]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\jay\desktop\winair~1.6\PEEK5.SYS [2012-4-15 13184]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-3 666624]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-5-15 38976]
S3 R-ImageDisk;R-ImageDisk;c:\program files\r-drive image\R-ImageDisk.sys [2009-12-3 126542]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-6-19 25773]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-15 27064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-7-19 335104]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-10-22 599936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-7-10 323328]
S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [2008-10-30 35840]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 125824]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2005-12-12 9760]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-1 180672]
S3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\drivers\ssudnflt.sys [2012-1-1 15936]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-21 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-21 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2004-7-10 24576]
S3 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-10-8 100560]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-15 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-10-6 25704]
S3 XLink LPD;XLink LPD;c:\program files\nfserver\Lpd.exe [2007-7-25 118784]
S4 BootlogService;BootlogService;c:\program files\greatis\bootlog xp\BootLogService.exe [2010-6-30 65248]
S4 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control\DfSdkS.exe [2011-9-7 406016]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-11-23 135584]
S4 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\gfi\languard 9.0\lnssatt.exe [2009-7-9 329072]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-29 12856]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-12 47640]
S4 MyConnectionServer-24cecd90;Visualware MyConnection Server (#24cecd90);c:\program files\myconnection server\msserver.exe [2010-6-8 639708]
.
=============== File Associations ===============
.
FileExt: .txt: TextPad.txt="c:\program files\textpad 6\TextPad.exe" -s
FileExt: .ini: TextPad.ini=notepad.exe %1
ShellExec: DAZZLE.EXE: open=c:\program files\envelope manager\dazzle\DAZZLE.EXE
ShellExec: DAZZLE.EXE: print=c:\program files\envelope manager\dazzle\DAZZLE.EXE
.
=============== Created Last 30 ================
.
2012-12-19 04:15:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-18 01:59:34 -------- d--h--w- C:\VritualRoot
2012-12-18 01:57:38 40496 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-18 01:49:14 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-12-17 19:07:45 -------- d-----w- c:\program files\PipStrider™
2012-12-17 15:15:05 -------- d-----w- c:\documents and settings\jay\local settings\application data\Secomba_GmbH
2012-12-17 15:06:24 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
2012-12-17 15:06:18 235880 ----a-w- c:\windows\system32\cbfsNetRdr4.dll
2012-12-17 15:05:29 9064 ----a-w- c:\windows\system32\elevtmsg.dll
2012-12-17 15:05:29 314376 ----a-w- c:\windows\system32\drivers\cbfs4.sys
2012-12-17 15:05:21 -------- d-----w- c:\program files\BoxCryptor
2012-12-17 14:41:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-17 14:41:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-17 14:11:39 -------- d-----w- c:\documents and settings\jay\application data\Uninstaller Tool(Comodo Forums)
2012-12-17 10:10:42 -------- d--h--w- c:\program files\WindowsUpdate
2012-12-17 09:15:08 -------- d-----w- c:\documents and settings\jay\YamicsoftDisabled
2012-12-16 21:47:06 -------- d-----w- c:\documents and settings\jay\application data\osphone
2012-12-16 21:46:01 -------- d-----w- c:\program files\OneSuite
2012-12-14 02:04:38 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 16:12:24 -------- dc-h--w- c:\documents and settings\all users\application data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
2012-12-07 14:35:06 54784 ------w- c:\windows\system32\Forex Trader Console.exe
2012-12-07 14:35:05 1626624 ------w- c:\windows\system32\OU_Loader.dll
2012-12-07 14:35:04 -------- d-----w- c:\program files\Fly Right Software
2012-12-06 12:01:19 -------- d-----w- c:\program files\Dropbox
2012-11-26 10:36:58 -------- d-----w- c:\documents and settings\jay\application data\JAM Software
.
==================== Find3M ====================
.
2012-12-14 02:39:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-14 02:04:13 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-14 02:04:13 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-12 16:12:28 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2012-12-12 02:30:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 02:30:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 17:49:00 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-11-22 00:43:14 112480 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-11-16 12:08:02 11004488 ----a-w- c:\program files\common files\lpuninstall.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:37:35 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37:34 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-07 16:38:18 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 16:38:16 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 16:38:14 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-24 20:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 20:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-04 10:28:40 241016 ----a-w- c:\windows\system32\PDBoot.exe
2012-10-03 19:01:58 20240 ----a-w- c:\windows\system32\plkmon32.dll
2012-10-02 20:49:32 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 23:43:19 30601 ----a-w- c:\windows\java\x.exe
2012-09-30 20:18:08 3712 ----a-w- c:\windows\system32\socketlock.sys
2012-09-29 12:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 11:50:45.34 ===============


Edited by Jayman007, 19 December 2012 - 12:04 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:09 PM

Posted 23 December 2012 - 08:58 AM

Greetings Jayman007 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 23 December 2012 - 09:04 AM

Thank you Gary. I think perhaps my high CPU usage was related to my CPU cooling. I was noticing very high temperatures of the CPU. I opened the laptop and cleaned the cooling system. Cleaned off all the old heat sink compound and replaced it with new. The CPU is now running much cooler and I don't seem to have the high CPU issues anymore.

Of course, if you notice anything in my logs that needs attention I am more than willing to follow the instructions you provide.

Thank you.

Jason

#4 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 23 December 2012 - 09:07 AM

Oh yeah, since posting the original logs I ran an anti-malware app that found Babylon and I removed it. If you would like me to post fresh log files so that you are seeing a more accurate state of my current config, then just let me know and I'll do that straight away.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:09 PM

Posted 23 December 2012 - 09:13 AM

Hi Jason,

Yes, it would help if you posted a more recent log. I probably won't be able to review it for a few hours but I will certainly look at it today. Thanks for the updated information.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 23 December 2012 - 09:51 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Jay at 21:47:27 on 2012-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1283 [GMT 7:00]
.
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Java\jre1.7.0_09\bin\jqs.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\PROGRAM FILES\GLOBE SOFTWARE\StatBar\StatBar.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.exe
C:\PROGRAM FILES\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
C:\PROGRAM FILES\ARSCLIP\ARSCLIP.EXE
C:\PROGRAM FILES\LAUNCHY\LAUNCHY.EXE
C:\PROGRAM FILES\ZENTIMO\ZENTIMO.EXE
C:\PROGRAM FILES\AD MUNCHER\ADMUNCH.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
C:\PROGRAM FILES\BASTA COMPUTING\HORAS\HORAS.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\EVERNOTE\EVERNOTE\EVERNOTECLIPPER.EXE
C:\PROGRAM FILES\DESKSWARE\POWER FAVORITES\BOOKMARK.EXE
C:\PROGRAM FILES\NOTE MANIA\NOTEMANIA.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\XYplorer\XYplorer.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Documents and Settings\Jay\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = localhost; 127.0.0.1; <local>;192.168.1.1/32
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.7.0_09\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.7.0_09\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\program files\textaloud\TAForIE.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
uRun: [StartupMonitor] c:\windows\StartupMonitor.exe
uRun: [pgaccount] c:\program files\processguard\pgaccount.exe
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [StatBar] c:\program files\globe software\statbar\StatBar.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &NeoTrace It! - c:\progra~1\neotracepro\NTXcontext.htm
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Power Favorites - c:\program files\desksware\power favorites\copyurl.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: LastPass - c:\documents and settings\jay\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\jay\local settings\application data\lastpass\context.html?cmd=fillforms
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre1.7.0_09\bin\jp2iexp.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355784148156
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347349833640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{97548639-8577-4ED5-8B24-34500B5EA2BB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3E674A5-B19F-440B-B309-579EAB421B0D} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E6C50908-72A7-4C6C-A37F-3E492BFA656B} : NameServer = 8.26.56.26,156.154.70.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - c:\program files\common files\wildpackets\peekrexpert.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - <no file>
Notify: KeyScrambler - KeyScramblerLogon.dll
Notify: SDWinLogon - <no file>
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: EldosMountNotificator-cbfs4 - {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll
IFEO: TaskMgr.exe - c:\documents and settings\jay\desktop\security tools\dtaskmanager\DTaskManager.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.8 NMT
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-22 06:44; ascsurfingprotection@iobit.com; c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 21512]
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2012-3-5 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2012-3-5 39440]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-2-21 30820]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-9-16 57312]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-6 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-6-25 911680]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-3-12 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-3-12 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-3-12 11776]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2011-12-1 25248]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-7-24 81720]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [2012-12-17 314376]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-11-7 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-7 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-7 32640]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2012-4-10 28184]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-6-11 29768]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-24 112480]
R1 ProtectorDriver;ZeroVulnerabilityLabs ExploitShield;c:\program files\zerovulnerabilitylabs\exploitshield\ExploitShield.sys [2012-9-28 44472]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-11-22 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-11-22 41936]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/11 23:01:39];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-3-12 3089320]
R2 AKEProtect;AKEProtect;c:\program files\anti keylogger elite\AKEProtect.sys [2007-12-17 13351]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-16 70352]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-11-7 1990464]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-4 21992]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\processguard\DCSUserProt.exe [2010-4-30 31744]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-12-19 1868432]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-7-10 38144]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [2009-4-7 12416]
R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [2008-11-21 21888]
R2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2011-12-15 36864]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-9-18 197128]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-9-18 69640]
R2 PDFSfilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2010-4-30 26688]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2012-10-1 3712]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-18 3463080]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-8-20 66944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]
R2 ZentimoService;Zentimo Assistant;c:\program files\zentimo\ZentimoService.exe [2010-11-3 262800]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-3-12 54072]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-25 173880]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-7-26 6609920]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2007-2-21 35107]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-10-29 26448]
R3 ZRTP;ZRTP Service;c:\windows\system32\drivers\zrtp.sys [2009-3-22 1052768]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82x64.sys --> c:\windows\system32\drivers\CSN5PDTS82x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-20 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-10 814344]
S3 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-10-26 37280]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-6-25 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-6-25 2480048]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-5 111896]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 25864]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2011-10-28 2428968]
S3 CommIpw;[CommView] Intel® PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [2008-10-27 238080]
S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [2008-10-27 91392]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-1 66112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2000-9-19 3584]
S3 DrvSnSht;DrvSnSht;c:\program files\r-drive image\DrvSnSht.sys [2008-11-1 94608]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-1-11 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-1-11 8456]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-10-29 52944]
S3 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2010-3-24 686360]
S3 Ext2Mgr;Ext2 Volume Manger;c:\program files\ext2fsd\ext2mgr.exe -service -hide --> c:\program files\ext2fsd\Ext2Mgr.exe -service -hide [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-19 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-9 59648]
S3 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2008-5-1 200704]
S3 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\google\update\GoogleUpdate.exe [2009-10-16 133104]
S3 HNMQL;HNMQL;c:\docume~1\jay\locals~1\temp\HNMQL.exe [2012-12-20 379776]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 kguard;kguard;\??\c:\program files\firelion softwares\anti keyloggers\kguard.sys --> c:\program files\firelion softwares\anti keyloggers\kguard.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 22856]
S3 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-17 399432]
S3 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-3 676936]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-16 35088]
S3 Omni-NFS Server;Omni-NFS Server;c:\program files\nfserver\nfsd.exe [2007-7-25 237626]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eeye digital security\retina wireless scanner\PCANDIS5_WIFISCAN.SYS [2009-6-3 22131]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\jay\desktop\winair~1.6\PEEK5.SYS [2012-4-15 13184]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-3 666624]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-5-15 38976]
S3 R-ImageDisk;R-ImageDisk;c:\program files\r-drive image\R-ImageDisk.sys [2009-12-3 126542]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-6-19 25773]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-15 27064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-7-19 335104]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-10-22 599936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-7-10 323328]
S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [2008-10-30 35840]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 125824]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-20 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-20 1369624]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2005-12-12 9760]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-1 180672]
S3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\drivers\ssudnflt.sys [2012-1-1 15936]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-21 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-21 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2004-7-10 24576]
S3 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
S3 UTEWP;UTEWP;c:\docume~1\jay\locals~1\temp\UTEWP.exe [2012-12-20 449408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-10-8 100560]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-15 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-10-6 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-10-6 25704]
S3 XLink LPD;XLink LPD;c:\program files\nfserver\Lpd.exe [2007-7-25 118784]
S3 YZHDED;YZHDED;c:\docume~1\jay\locals~1\temp\YZHDED.exe [2012-12-20 592768]
S4 BootlogService;BootlogService;c:\program files\greatis\bootlog xp\BootLogService.exe [2010-6-30 65248]
S4 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control\DfSdkS.exe [2011-9-7 406016]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-11-23 135584]
S4 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\gfi\languard 9.0\lnssatt.exe [2009-7-9 329072]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-29 12856]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-12 47640]
S4 MyConnectionServer-24cecd90;Visualware MyConnection Server (#24cecd90);c:\program files\myconnection server\msserver.exe [2010-6-8 639708]
.
=============== File Associations ===============
.
FileExt: .txt: TextPad.txt="c:\program files\textpad 6\TextPad.exe" -s
FileExt: .ini: TextPad.ini=notepad.exe %1
ShellExec: DAZZLE.EXE: open=c:\program files\envelope manager\dazzle\DAZZLE.EXE
ShellExec: DAZZLE.EXE: print=c:\program files\envelope manager\dazzle\DAZZLE.EXE
.
=============== Created Last 30 ================
.
2012-12-21 16:44:35 -------- d-----w- c:\documents and settings\all users\application data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-21 16:43:47 -------- d-----w- c:\program files\IObit
2012-12-21 07:30:08 -------- d-----w- c:\program files\Elcomsoft Password Recovery
2012-12-21 07:30:08 -------- d-----w- c:\documents and settings\all users\application data\Elcomsoft Password Recovery
2012-12-19 17:54:36 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-19 17:54:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-19 17:37:05 -------- d-----w- C:\Emsisoft
2012-12-18 01:59:34 -------- d-----w- C:\VritualRoot
2012-12-18 01:57:38 40496 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-18 01:49:14 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-12-17 19:07:45 -------- d-----w- c:\program files\PipStrider™
2012-12-17 15:15:05 -------- d-----w- c:\documents and settings\jay\local settings\application data\Secomba_GmbH
2012-12-17 15:06:24 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
2012-12-17 15:06:18 235880 ----a-w- c:\windows\system32\cbfsNetRdr4.dll
2012-12-17 15:05:29 9064 ----a-w- c:\windows\system32\elevtmsg.dll
2012-12-17 15:05:29 314376 ----a-w- c:\windows\system32\drivers\cbfs4.sys
2012-12-17 15:05:21 -------- d-----w- c:\program files\BoxCryptor
2012-12-17 14:41:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-17 14:41:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-17 14:11:39 -------- d-----w- c:\documents and settings\jay\application data\Uninstaller Tool(Comodo Forums)
2012-12-17 10:10:42 -------- d--h--w- c:\program files\WindowsUpdate
2012-12-17 09:15:08 -------- d-----w- c:\documents and settings\jay\YamicsoftDisabled
2012-12-16 21:47:06 -------- d-----w- c:\documents and settings\jay\application data\osphone
2012-12-16 21:46:01 -------- d-----w- c:\program files\OneSuite
2012-12-14 02:04:38 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 16:12:24 -------- dc-h--w- c:\documents and settings\all users\application data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
2012-12-07 14:35:06 54784 ------w- c:\windows\system32\Forex Trader Console.exe
2012-12-07 14:35:05 1626624 ------w- c:\windows\system32\OU_Loader.dll
2012-12-07 14:35:04 -------- d-----w- c:\program files\Fly Right Software
2012-12-06 12:01:19 -------- d-----w- c:\program files\Dropbox
2012-11-26 10:36:58 -------- d-----w- c:\documents and settings\jay\application data\JAM Software
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 02:39:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-14 02:04:13 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-14 02:04:13 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-12 16:12:28 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2012-12-12 02:30:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 02:30:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 17:49:00 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-11-22 00:43:14 112480 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-11-16 12:08:02 11004488 ----a-w- c:\program files\common files\lpuninstall.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:37:35 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37:34 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-07 16:38:18 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 16:38:16 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 16:38:14 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-24 20:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 20:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-04 10:28:40 241016 ----a-w- c:\windows\system32\PDBoot.exe
2012-10-03 19:01:58 20240 ----a-w- c:\windows\system32\plkmon32.dll
2012-10-02 20:49:32 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 23:43:19 30601 ----a-w- c:\windows\java\x.exe
2012-09-30 20:18:08 3712 ----a-w- c:\windows\system32\socketlock.sys
2012-09-29 12:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 21:48:18.26 ===============


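The service and driver listing in the DDS log above, read by a small triage script. This is an added example and is not part of the thread, of DDS, or of any tool the helpers use: it parses the two line shapes that appear in the log (`R1 name;display;path [date size]` for a file that exists, and `... --> path [?]` for one that is missing from disk) and flags entries whose image lives under a user's temp folder or desktop, whose file is missing, or whose file date falls within a few days of the log run. The flag rules, the cut-off of seven days, the 2012-12-21 log date and the "5-6 uppercase letters" name pattern are this example's own assumptions; the sample lines are copied from the log above, not constructed.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Added example (not DDS or BleepingComputer code). Line shapes as seen in the DDS log:
#   R1 name;display;c:\path\file.sys [2012-7-24 81720]        -> file present: date, size
#   S3 name;display;c:\path\file.sys --> c:\path\file.sys [?]  -> file missing on disk
# First column: R = running, S = stopped; digit = start type (0 boot .. 4 disabled).
LINE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+.+?\s+\[\?\]$")

# Assumed triage rules (this example's own, not DDS's). Only the location rules
# decide on their own; a throw-away-looking name is a supporting signal.
TEMP_MARKERS = ("\\locals~1\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")
DESKTOP_MARKER = "\\desktop\\"
RANDOM_NAME_RE = re.compile(r"^[A-Z]{5,6}$")
ASSUMED_LOG_DATE = date(2012, 12, 21)  # newest date that appears in the log above (assumption)
RECENT_DAYS = 7                        # assumed "recently modified" window


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[date]
    size: Optional[int]
    missing: bool
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        """Location of the image file is the deciding signal."""
        return bool({"image-in-temp", "image-on-desktop"} & set(self.flags))


def triage(e: ServiceEntry) -> List[str]:
    """Apply the assumed rules to one entry and return the flags that fire."""
    flags: List[str] = []
    p = e.path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        flags.append("image-in-temp")
    if DESKTOP_MARKER in p:
        flags.append("image-on-desktop")
    if e.missing:
        flags.append("image-missing")
    if e.name == e.display and RANDOM_NAME_RE.match(e.name):
        flags.append("random-name")
    return flags


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service line; return None for lines of any other shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, name, display = m.group("start"), m.group("name").strip(), m.group("display").strip()
    rest = m.group("rest").strip()
    mm = MISSING_RE.match(rest)
    mp = PRESENT_RE.match(rest)
    if mm:
        entry = ServiceEntry(start, name, display, mm.group("path"), None, None, True)
    elif mp:
        y, mo, d = (int(x) for x in mp.group("date").split("-"))
        entry = ServiceEntry(start, name, display, mp.group("path"), date(y, mo, d), int(mp.group("size")), False)
    else:
        return None
    entry.flags = triage(entry)
    return entry


def parse_log(text: str, log_date: Optional[date] = None) -> List[ServiceEntry]:
    """Parse every service line in a DDS log; with log_date, also flag files
    dated within RECENT_DAYS of the run."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if log_date and e.file_date and 0 <= (log_date - e.file_date).days <= RECENT_DAYS:
            e.flags.append("recent")
        entries.append(e)
    return entries


def suspicious_names(text: str, log_date: Optional[date] = None) -> List[str]:
    return [e.name for e in parse_log(text, log_date) if e.suspicious]


# Lines copied verbatim from the DDS log above.
SAMPLE_LOG = r"""
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2012-7-24 81720]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 HNMQL;HNMQL;c:\docume~1\jay\locals~1\temp\HNMQL.exe [2012-12-20 379776]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\jay\desktop\winair~1.6\PEEK5.SYS [2012-4-15 13184]
S3 YZHDED;YZHDED;c:\docume~1\jay\locals~1\temp\YZHDED.exe [2012-12-20 592768]
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG, ASSUMED_LOG_DATE):
        mark = "!!" if e.suspicious else "  "
        print(f"{mark} {e.start} {e.name:<10} {','.join(e.flags) or '-':<32} {e.path}")
```

Run against the full service listing rather than the five sample lines to get the same triage over every entry; a service registered from `locals~1\temp` is worth a closer look regardless of its name, while the "random-name" and "recent" flags only add weight to a location hit.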
#7 Oh My! (Malware Response Instructor, 37,457 posts, Location: California)

Posted 23 December 2012 - 02:33 PM

Hi Jason,

Thank you for patiently waiting. I am afraid your computer is infected.

Here are a few things to consider and do for me please.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Multiple Antivirus Programs

-------------------

There is evidence in your log about multiple antivirus programs which either are, or have been installed on your computer.

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove all but one of your antivirus programs.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.


===================================================


ComboFix

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.

Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 Jayman007 (Topic Starter, Members, 18 posts)

Posted 25 December 2012 - 01:39 AM

ComboFix 12-12-23.01 - Jay 12/25/2012 1:03.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2511 [GMT 7:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jay\Application Data\Otto
c:\documents and settings\Jay\Application Data\Otto\config.set
c:\documents and settings\Jay\WINDOWS
c:\documents and settings\Jay\WINDOWS\win.ini
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-21 17:30 . 2012-12-21 17:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-12-21 16:44 . 2012-12-21 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-21 16:43 . 2012-12-21 16:43 -------- d-----w- c:\program files\IObit
2012-12-21 07:30 . 2012-12-21 07:30 -------- d-----w- c:\program files\Elcomsoft Password Recovery
2012-12-21 07:30 . 2012-12-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Elcomsoft Password Recovery
2012-12-19 17:54 . 2009-01-25 05:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-19 17:54 . 2012-12-19 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-19 17:37 . 2012-12-19 17:37 -------- d-----w- C:\Emsisoft
2012-12-18 01:59 . 2012-12-18 01:59 -------- d-----w- C:\VritualRoot
2012-12-18 01:57 . 2012-12-18 10:13 40496 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-18 01:49 . 2012-12-18 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-12-17 19:07 . 2012-12-17 19:07 -------- d-----w- c:\program files\PipStrider™
2012-12-17 15:15 . 2012-12-17 15:15 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Secomba_GmbH
2012-12-17 15:06 . 2012-12-04 11:44 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
2012-12-17 15:06 . 2012-12-04 11:45 235880 ----a-w- c:\windows\system32\cbfsNetRdr4.dll
2012-12-17 15:05 . 2012-12-04 11:45 9064 ----a-w- c:\windows\system32\elevtmsg.dll
2012-12-17 15:05 . 2012-12-04 11:37 314376 ----a-w- c:\windows\system32\drivers\cbfs4.sys
2012-12-17 15:05 . 2012-12-17 15:06 -------- d-----w- c:\program files\BoxCryptor
2012-12-17 14:41 . 2012-12-17 14:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-17 14:11 . 2012-12-17 14:11 -------- d-----w- c:\documents and settings\Jay\Application Data\Uninstaller Tool(Comodo Forums)
2012-12-17 09:15 . 2012-12-17 09:15 -------- d-----w- c:\documents and settings\Jay\YamicsoftDisabled
2012-12-16 21:47 . 2012-12-16 21:47 -------- d-----w- c:\documents and settings\Jay\Application Data\osphone
2012-12-16 21:46 . 2012-12-16 21:46 -------- d-----w- c:\program files\OneSuite
2012-12-14 02:26 . 2012-12-14 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-12-14 02:04 . 2012-12-14 02:04 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 16:12 . 2012-12-12 16:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
2012-12-07 14:35 . 2012-08-14 21:52 54784 ------w- c:\windows\system32\Forex Trader Console.exe
2012-12-07 14:35 . 2012-08-08 15:02 1626624 ------w- c:\windows\system32\OU_Loader.dll
2012-12-07 14:35 . 2012-12-07 14:35 -------- d-----w- c:\program files\Fly Right Software
2012-12-06 12:01 . 2012-12-06 12:01 -------- d-----w- c:\program files\Dropbox
2012-11-26 10:36 . 2012-11-26 10:36 -------- d-----w- c:\documents and settings\Jay\Application Data\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-15 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 02:39 . 2012-06-18 12:38 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-14 02:04 . 2012-01-15 13:52 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-14 02:04 . 2010-04-29 08:42 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-12 16:12 . 2012-07-24 11:46 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2012-12-12 02:30 . 2012-09-11 09:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 02:30 . 2012-09-11 09:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-28 17:49 . 2010-03-11 09:17 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-11-22 00:43 . 2010-12-23 19:00 112480 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-11-16 12:08 . 2012-08-25 11:18 11004488 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-11-13 01:25 . 2008-04-15 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:37 . 2011-10-21 09:02 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-12-19 11:58 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-07 16:38 . 2012-11-07 16:38 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 16:38 . 2012-11-07 16:38 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 16:38 . 2012-11-07 16:38 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 16:38 . 2012-11-07 16:38 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-02 02:02 . 2008-04-15 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 23:36 . 2012-10-26 23:36 98304 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2012-10-24 20:12 . 2012-10-24 20:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 20:12 . 2012-10-24 20:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-04 10:28 . 2012-10-04 10:28 241016 ----a-w- c:\windows\system32\PDBoot.exe
2012-10-03 19:01 . 2012-10-03 19:01 20240 ----a-w- c:\windows\system32\plkmon32.dll
2012-10-02 20:49 . 2012-10-02 20:49 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 23:43 . 2010-10-13 18:25 30601 ----a-w- c:\windows\java\x.exe
2012-09-30 20:18 . 2012-09-30 20:18 3712 ----a-w- c:\windows\system32\socketlock.sys
2012-09-29 12:54 . 2012-01-02 21:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 10:52 . 2012-09-27 10:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-18 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2010-05-17 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{A55BFE96-9CB8-4A86-90D1-2EC7AB9AC251}"
[HKEY_CLASSES_ROOT\CLSID\{A55BFE96-9CB8-4A86-90D1-2EC7AB9AC251}]
2012-12-04 11:44 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupMonitor"="c:\windows\StartupMonitor.exe" [2000-05-20 86016]
"pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
"StatBar"="c:\program files\GLOBE SOFTWARE\StatBar\StatBar.exe" [2010-08-19 335872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-03-28 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-28 1210640]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2012-06-08 431760]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-12-04 14597616]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-11-26 3365288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-25 11004488]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-25 11004488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 00000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{572E54EA-AF74-4A20-B30D-1B0254DBC2F1}"= "c:\windows\system32\cbfsMntNtf4.dll" [2012-12-04 170344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll [2012-12-04 170344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-11-02 13:48 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KeyScrambler]
2012-03-08 05:05 113464 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-12-14 18:43 788744 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk /r \??\c:\0autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-11-08 00:06 109336 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Gizmo Project\\mDNSResponder.exe"=
"c:\\Program Files\\Gizmo Project\\Gizmo.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"d:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"=
"c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=
"d:\\Downloads\\utorrent_4.exe"=
"d:\\Downloads\\utorrent_5.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\IDA\\idag.exe"=
"c:\\Program Files\\IDA\\idag64.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Input Director\\InputDirectorClipboardHelper.exe"=
"c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 23:39 21512]
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [3/5/2012 23:31 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [3/5/2012 23:31 39440]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2/21/2007 03:53 30820]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/16/2010 17:29 57312]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2010 01:35 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/25/2010 04:20 911680]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [3/12/2012 03:44 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [3/12/2012 03:44 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [3/12/2012 03:44 11776]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [12/1/2011 22:33 25248]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [7/24/2012 18:46 81720]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 22:00 14949]
R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [12/17/2012 22:05 314376]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [8/3/2012 10:23 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11/7/2012 23:38 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/7/2012 23:38 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/7/2012 23:38 32640]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [4/10/2012 16:25 28184]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [6/11/2008 19:05 29768]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/24/2010 02:00 112480]
R1 ProtectorDriver;ZeroVulnerabilityLabs ExploitShield;c:\program files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.sys [9/28/2012 21:56 44472]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [11/22/2010 06:06 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [11/22/2010 06:06 41936]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/11 23:01];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 87536]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [3/12/2012 03:44 3089320]
R2 AKEProtect;AKEProtect;c:\program files\Anti Keylogger Elite\AKEProtect.sys [12/17/2007 00:26 13351]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [8/16/2012 09:14 70352]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [8/4/2011 21:19 21992]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [4/30/2010 23:30 31744]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [12/19/2012 21:03 1868432]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [7/10/2009 19:56 38144]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 19:45 12416]
R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [11/21/2008 13:38 21888]
R2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [12/15/2011 08:01 36864]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [9/18/2012 14:28 197128]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [9/18/2012 14:28 69640]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [8/23/2012 17:56 69016]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [4/30/2010 23:30 26688]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [10/1/2012 03:18 3712]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/18/2012 09:25 3463080]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/20/2010 16:19 66944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [8/19/2011 09:26 450848]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]
R2 ZentimoService;Zentimo Assistant;c:\program files\Zentimo\ZentimoService.exe [11/3/2010 19:55 262800]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [3/12/2012 03:44 54072]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/25/2008 17:55 173880]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [7/26/2012 22:26 6609920]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/21/2007 18:22 47360]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 16:17 25088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2/21/2007 03:47 35107]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [10/29/2007 04:23 26448]
R3 ZRTP;ZRTP Service;c:\windows\system32\drivers\zrtp.sys [3/22/2009 20:43 1052768]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys --> c:\windows\system32\Drivers\CSN5PDTS82x64.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/20/2012 00:54 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 160944]
S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/10/2009 23:04 814344]
S3 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/26/2011 09:32 37280]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/25/2010 04:20 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/25/2010 04:20 2480048]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/5/2008 05:09 111896]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 25864]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [10/28/2011 17:39 2428968]
S3 CommIpw;[CommView] Intel® PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [10/27/2008 20:23 238080]
S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [10/27/2008 20:23 91392]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 11336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/1/2012 20:14 66112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [9/19/2000 11:16 3584]
S3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [11/1/2008 22:46 94608]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/11/2012 17:59 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/11/2012 17:59 8456]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [10/29/2007 04:23 52944]
S3 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [3/24/2010 11:40 686360]
S3 Ext2Mgr;Ext2 Volume Manger;c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide --> c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/19/2008 06:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/9/2008 02:00 59648]
S3 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [5/1/2008 08:52 200704]
S3 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\Google\Update\GoogleUpdate.exe [10/16/2009 01:49 133104]
S3 HNMQL;HNMQL;c:\docume~1\Jay\LOCALS~1\Temp\HNMQL.exe --> c:\docume~1\Jay\LOCALS~1\Temp\HNMQL.exe [?]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 17:53 13672]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 14:58 26248]
S3 kguard;kguard;\??\c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys --> c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/3/2012 04:29 22856]
S3 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/17/2012 20:58 399432]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2012 04:29 676936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/16/2010 07:45 35088]
S3 Omni-NFS Server;Omni-NFS Server;c:\program files\Nfserver\nfsd.exe [7/25/2007 02:10 237626]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2009 15:25 22131]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Jay\Desktop\WINAIR~1.6\PEEK5.SYS [4/15/2012 02:41 13184]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/3/2003 05:47 666624]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 21:19 15544]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [5/15/2010 04:29 38976]
S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [12/3/2009 00:06 126542]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/19/2007 00:03 25773]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/15/2010 15:14 27064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [7/19/2009 02:00 335104]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [10/22/2010 00:14 599936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [7/10/2009 17:16 323328]
S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [10/30/2008 09:52 35840]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/20/2012 00:54 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/20/2012 00:54 1369624]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [6/27/2012 14:25 1326176]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [6/27/2012 14:25 681056]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [12/12/2005 08:36 9760]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/1/2012 20:14 180672]
S3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\drivers\ssudnflt.sys [1/1/2012 20:14 15936]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/21/2008 03:35 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/21/2008 03:36 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 19:37 26624]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [7/10/2004 21:54 24576]
S3 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [1/27/2012 09:47 828944]
S3 UTEWP;UTEWP;c:\docume~1\Jay\LOCALS~1\Temp\UTEWP.exe --> c:\docume~1\Jay\LOCALS~1\Temp\UTEWP.exe [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [10/8/2010 15:57 100560]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [10/6/2011 19:00 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [10/6/2011 19:07 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [10/6/2011 19:09 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [10/6/2011 19:11 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [10/6/2011 19:12 25704]
S3 XLink LPD;XLink LPD;c:\program files\Nfserver\Lpd.exe [7/25/2007 02:10 118784]
S3 YZHDED;YZHDED;c:\docume~1\Jay\LOCALS~1\Temp\YZHDED.exe --> c:\docume~1\Jay\LOCALS~1\Temp\YZHDED.exe [?]
S4 BootlogService;BootlogService;c:\program files\Greatis\BootLog XP\BootLogService.exe [6/30/2010 23:47 65248]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [9/7/2011 19:18 406016]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 01:58 258048]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [11/23/2011 18:16 135584]
S4 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\GFI\LANguard 9.0\lnssatt.exe [7/9/2009 22:02 329072]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/29/2008 05:31 12856]
S4 MyConnectionServer-24cecd90;Visualware MyConnection Server (#24cecd90);c:\program files\MyConnection Server\msserver.exe [6/8/2010 08:31 639708]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 02:30]
.
2012-12-24 c:\windows\Tasks\ExploitShield.job
- c:\program files\ZeroVulnerabilityLabs\ExploitShield\Loader32.exe [2012-12-17 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;192.168.1.1/32
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: LastPass - file://c:\documents and settings\Jay\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\Jay\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: bankofamerica.com
Trusted Zone: commerceonline.com
Trusted Zone: ingdirect.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
Trusted Zone: wamu.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3E674A5-B19F-440B-B309-579EAB421B0D}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E6C50908-72A7-4C6C-A37F-3E492BFA656B}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-22 06:44; ascsurfingprotection@iobit.com; c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\ascsurfingprotection@iobit.com
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 0
.
.
------- File Associations -------
.
.txt=TextPad.txt
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 01:48
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\LocalService\Software\AppDataLow\ISWVolatile]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-20\Software\Adobe\Adobe Acrobat]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-20\Software\AppDataLow\ISWVolatile]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdcijppfopfkfcfaplclbiepocogeeldl"=hex:65,62,64,63,6e,6a,6c,66,6a,63,67,68,
6a,6f,6e,6f,6e,6e,6c,6c,6e,6f,61,6a,6c,62,6b,68,67,6c,68,66,63,65,62,6e,6d,\
"bbdcijppfopfkfcfapcdicohimcancfgdehc"=hex:61,62,69,65,6b,61,6e,65,67,6e,66,6e,
67,62,70,70,6f,6d,65,6e,69,67,66,6c,6e,63,6d,66,6b,6e,63,68,69,61,00,6e
.
[HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fabbhimegjfc"=hex:6f,62,6e,70,69,69,61,6b,6f,66,68,69,6c,69,69,6f,6d,70,62,65,
69,67,6e,64,64,69,6b,62,62,61,69,70,70,61,64,67,67,6d,6c,6d,6c,70,6c,6a,68,\
"gaepabcffepgdl"=hex:6f,61,66,63,61,6e,66,6e,68,67,67,6c,64,6b,67,6b,65,70,62,
6b,67,64,6f,62,6f,68,66,6b,6e,70,00,00
"gabpbblhbdfpnm"=hex:63,62,68,63,6b,6d,63,64,70,67,6c,65,62,6e,68,6f,6c,65,69,
6f,70,6a,6d,61,69,70,6e,6c,64,63,6c,66,6a,68,67,67,6d,6d,00,76
.
[HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialgpejkgfahfakejo"=hex:6a,61,69,61,6f,6f,6e,69,69,63,68,6e,6a,61,6b,66,67,67,
68,64,00,f5
"hafgbdeoagfkceno"=hex:6a,61,69,61,6f,6f,6e,69,69,63,68,6e,6a,61,6b,66,67,67,
68,64,00,fa
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\KeyScramblerLogon.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll
c:\program files\Common Files\SPBA\vtapipql.dll
c:\windows\system32\cbfsNetRdr4.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1236)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\cbfsMntNtf4.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\cbfsNetRdr4.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(1128)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre1.7.0_09\bin\jqs.exe
c:\program files\Input Director\InputDirectorSessionHelper.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
c:\documents and settings\Jay\Desktop\DESKTOP\DESKTOP NOV 09\procexp.exe
.
**************************************************************************
.
Completion time: 2012-12-25 01:56:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-24 18:56
.
Pre-Run: 205,966,512,128 bytes free
Post-Run: 206,389,903,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft WinXP" /fastdetect /noexecute=optin
[spybotsd]
timeout.old=0
.
- - End Of File - - B3B05BAEA88653681FCA73BBFD0322F9

#9 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts

Posted 25 December 2012 - 01:41 AM

The aswMBR scan seemed to have given me errors and crashed.

The first time I left it running overnight I came back to a BSOD.

Also, even though ComboFix claims to have installed the cmd console, I am unable to boot to it; I get an error when I try. I would very much like to get the command console working from the boot menu.

Thanks.

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • Gender:Male
  • Location:California

Posted 25 December 2012 - 10:12 AM

Hi Jason,

Merry Christmas!

I am unable to boot to it, get an error when I try

What is the error?

Please run this for me.


===================================================


Run TDSSKiller by Kaspersky on XP

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#11 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts

Posted 25 December 2012 - 03:44 PM

I will get the error for the console issue and then post that next.


03:45:21.0328 2816 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
03:45:22.0343 2816 ============================================================
03:45:22.0343 2816 Current date / time: 2012/12/26 03:45:22.0343
03:45:22.0343 2816 SystemInfo:
03:45:22.0343 2816
03:45:22.0343 2816 OS Version: 5.1.2600 ServicePack: 3.0
03:45:22.0343 2816 Product type: Workstation
03:45:22.0343 2816 ComputerName: ME
03:45:22.0343 2816 UserName: Jay
03:45:22.0343 2816 Windows directory: C:\WINDOWS
03:45:22.0343 2816 System windows directory: C:\WINDOWS
03:45:22.0343 2816 Processor architecture: Intel x86
03:45:22.0343 2816 Number of processors: 2
03:45:22.0343 2816 Page size: 0x1000
03:45:22.0343 2816 Boot type: Normal boot
03:45:22.0343 2816 ============================================================
03:45:23.0812 2816 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:45:23.0828 2816 ============================================================
03:45:23.0828 2816 \Device\Harddisk0\DR0:
03:45:23.0828 2816 MBR partitions:
03:45:23.0828 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E848000
03:45:23.0828 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E848800, BlocksNum 0x38CFD800
03:45:23.0828 2816 ============================================================
03:45:23.0828 2816 C: <-> \Device\Harddisk0\DR0\Partition1
03:45:23.0843 2816 D: <-> \Device\Harddisk0\DR0\Partition2
03:45:23.0843 2816 ============================================================
03:45:23.0843 2816 Initialize success
03:45:23.0843 2816 ============================================================
03:45:25.0687 3408 ============================================================
03:45:25.0687 3408 Scan started
03:45:25.0687 3408 Mode: Manual;
03:45:25.0687 3408 ============================================================
03:45:26.0750 3408 ================ Scan system memory ========================
03:45:27.0437 3408 System memory - ok
03:45:27.0437 3408 ================ Scan services =============================
03:45:27.0515 3408 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
03:45:27.0515 3408 61883 - ok
03:45:27.0531 3408 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
03:45:27.0531 3408 a2acc - ok
03:45:27.0609 3408 [ C4E10EC33D82B3EA2C56199A13706E71 ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe
03:45:27.0625 3408 a2AntiMalware - ok
03:45:27.0625 3408 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
03:45:27.0625 3408 A2DDA - ok
03:45:27.0640 3408 [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
03:45:27.0640 3408 a2injectiondriver - ok
03:45:27.0640 3408 [ 2DA26EB05B5495D3B2EE36456C239FB7 ] a2util C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
03:45:27.0640 3408 a2util - ok
03:45:27.0671 3408 [ CC1A408EC55B58531E75E8A3100C1F99 ] ABBYY.Licensing.FineReader.Professional.10.0 C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
03:45:27.0671 3408 ABBYY.Licensing.FineReader.Professional.10.0 - ok
03:45:27.0687 3408 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
03:45:27.0687 3408 abp480n5 - ok
03:45:27.0703 3408 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:45:27.0703 3408 ACPI - ok
03:45:27.0703 3408 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
03:45:27.0703 3408 ACPIEC - ok
03:45:27.0734 3408 [ 42C431FFFC4277F4EE98A9F97ADEE886 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
03:45:27.0750 3408 AcrSch2Svc - ok
03:45:27.0765 3408 [ 99721E1DAC2C89E8202F70B773FB14F4 ] ADExchange C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
03:45:27.0765 3408 ADExchange - ok
03:45:27.0781 3408 [ 4BC381316F422F3A5D5A957D3AA2224E ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
03:45:27.0781 3408 Adobe LM Service - ok
03:45:27.0796 3408 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:45:27.0796 3408 AdobeFlashPlayerUpdateSvc - ok
03:45:27.0796 3408 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
03:45:27.0796 3408 adpu160m - ok
03:45:27.0812 3408 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
03:45:27.0812 3408 aec - ok
03:45:27.0812 3408 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
03:45:27.0812 3408 AegisP - ok
03:45:27.0828 3408 [ 4FA0CA536DAB995BAF48BD41B4E2ED00 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
03:45:27.0828 3408 afcdp - ok
03:45:27.0906 3408 [ 8B333E7FF3147A63B15975B512364466 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
03:45:27.0921 3408 afcdpsrv - ok
03:45:27.0921 3408 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
03:45:27.0921 3408 AFD - ok
03:45:27.0937 3408 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
03:45:27.0937 3408 agp440 - ok
03:45:27.0937 3408 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
03:45:27.0937 3408 agpCPQ - ok
03:45:27.0953 3408 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
03:45:27.0953 3408 Aha154x - ok
03:45:27.0953 3408 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
03:45:27.0968 3408 aic78u2 - ok
03:45:27.0968 3408 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
03:45:27.0968 3408 aic78xx - ok
03:45:27.0984 3408 [ EA22E1470AC5E15FF7B4A5A677F4F5C0 ] AKEProtect C:\Program Files\Anti Keylogger Elite\AKEProtect.sys
03:45:27.0984 3408 AKEProtect - ok
03:45:27.0984 3408 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
03:45:27.0984 3408 Alerter - ok
03:45:28.0000 3408 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
03:45:28.0000 3408 ALG - ok
03:45:28.0000 3408 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
03:45:28.0000 3408 AliIde - ok
03:45:28.0015 3408 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
03:45:28.0015 3408 alim1541 - ok
03:45:28.0015 3408 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
03:45:28.0015 3408 amdagp - ok
03:45:28.0031 3408 [ 81EF334CDA7A222CE88F41B7697B86F4 ] AmgHips C:\WINDOWS\system32\Drivers\AmgHips.sys
03:45:28.0031 3408 AmgHips - ok
03:45:28.0031 3408 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
03:45:28.0031 3408 amsint - ok
03:45:28.0046 3408 [ 3AB70FEF6E7CF289706A6487BCE64FAB ] AntiLog32 C:\WINDOWS\system32\drivers\AntiLog32.sys
03:45:28.0046 3408 AntiLog32 - ok
03:45:28.0046 3408 [ F0B673589B3D371008A1539F9AE13EF4 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
03:45:28.0062 3408 AnyDVD - ok
03:45:28.0062 3408 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
03:45:28.0062 3408 AppMgmt - ok
03:45:28.0078 3408 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:45:28.0078 3408 Arp1394 - ok
03:45:28.0078 3408 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
03:45:28.0078 3408 asc - ok
03:45:28.0093 3408 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
03:45:28.0093 3408 asc3350p - ok
03:45:28.0093 3408 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
03:45:28.0093 3408 asc3550 - ok
03:45:28.0140 3408 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:45:28.0140 3408 aspnet_state - ok
03:45:28.0156 3408 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:45:28.0156 3408 AsyncMac - ok
03:45:28.0156 3408 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
03:45:28.0156 3408 atapi - ok
03:45:28.0171 3408 [ 3B11BE07AF444314794372AF5D7C9A5A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
03:45:28.0171 3408 Ati HotKey Poller - ok
03:45:28.0218 3408 [ 2573C08729DD52B7B4F18DF1592E0B37 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
03:45:28.0218 3408 ati2mtag - ok
03:45:28.0234 3408 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:45:28.0234 3408 Atmarpc - ok
03:45:28.0250 3408 [ F1FDA4D368F8B0A388F6DE5440483845 ] ATTRcAppSvc C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
03:45:28.0250 3408 ATTRcAppSvc - ok
03:45:28.0250 3408 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
03:45:28.0250 3408 AudioSrv - ok
03:45:28.0265 3408 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
03:45:28.0265 3408 audstub - ok
03:45:28.0265 3408 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
03:45:28.0265 3408 Avc - ok
03:45:28.0281 3408 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
03:45:28.0281 3408 bcm4sbxp - ok
03:45:28.0296 3408 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
03:45:28.0296 3408 Beep - ok
03:45:28.0312 3408 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
03:45:28.0312 3408 BITS - ok
03:45:28.0312 3408 [ 6B9D1584A86D7451E1AAC3C4F4131514 ] bizVSerial C:\WINDOWS\system32\drivers\bizVSerialNT.sys
03:45:28.0312 3408 bizVSerial - ok
03:45:28.0328 3408 [ EEFC905EA89AE50007583A16BCC7A881 ] Bonjour Service C:\Program Files\Gizmo Project\mDNSResponder.exe
03:45:28.0328 3408 Bonjour Service - ok
03:45:28.0343 3408 [ 2F64EAE8C8864AAA3AE8CE0E58B8CC68 ] BootlogService C:\Program Files\Greatis\BootLog XP\BootLogService.exe
03:45:28.0343 3408 BootlogService - ok
03:45:28.0343 3408 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
03:45:28.0343 3408 Browser - ok
03:45:28.0359 3408 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
03:45:28.0359 3408 BrScnUsb - ok
03:45:28.0375 3408 [ B6E16DA77EAFE84A8C5BC44784FEEAEA ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
03:45:28.0375 3408 btaudio - ok
03:45:28.0390 3408 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
03:45:28.0390 3408 BTDriver - ok
03:45:28.0390 3408 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
03:45:28.0390 3408 BthEnum - ok
03:45:28.0406 3408 [ FCF500C9E89E193E038DCFCDBA6AA032 ] BtHidBus C:\WINDOWS\system32\Drivers\BtHidBus.sys
03:45:28.0406 3408 BtHidBus - ok
03:45:28.0406 3408 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
03:45:28.0406 3408 BthPan - ok
03:45:28.0421 3408 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
03:45:28.0421 3408 BTHPORT - ok
03:45:28.0421 3408 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
03:45:28.0437 3408 BthServ - ok
03:45:28.0437 3408 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
03:45:28.0437 3408 BTHUSB - ok
03:45:28.0468 3408 [ EF5E0DE0A7CA2977A9255F36F4D915AB ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
03:45:28.0468 3408 BTKRNL - ok
03:45:28.0484 3408 [ 7BB8AC22BC9E6A1E7707DAECADA95CD9 ] btnetBUs C:\WINDOWS\system32\Drivers\btnetBus.sys
03:45:28.0484 3408 btnetBUs - ok
03:45:28.0500 3408 [ FAC8968CE8EFBC0E418FC978A1F174D9 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
03:45:28.0500 3408 btwdins - ok
03:45:28.0500 3408 [ 80F61DE965C116051614AC2F04222FF7 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
03:45:28.0500 3408 BTWDNDIS - ok
03:45:28.0515 3408 [ E48668B4A6A5CF68B33AECAD18EE8E1E ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
03:45:28.0515 3408 btwhid - ok
03:45:28.0515 3408 [ 8BCD7BFE9C70A8FF7444263435B18AA1 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
03:45:28.0515 3408 btwmodem - ok
03:45:28.0531 3408 [ 053DC5BE74621B63BB48C2B86BAFC7B0 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
03:45:28.0531 3408 BTWUSB - ok
03:45:28.0531 3408 [ 647C1626114E789C5B8AB8E9C33C04BC ] bvrp_pci C:\WINDOWS\system32\drivers\bvrp_pci.sys
03:45:28.0531 3408 bvrp_pci - ok
03:45:28.0546 3408 catchme - ok
03:45:28.0546 3408 [ DB8E91CE573640454B18A21A6CC420F6 ] cbfs4 C:\WINDOWS\system32\drivers\cbfs4.sys
03:45:28.0562 3408 cbfs4 - ok
03:45:28.0562 3408 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
03:45:28.0562 3408 cbidf - ok
03:45:28.0578 3408 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
03:45:28.0578 3408 cbidf2k - ok
03:45:28.0578 3408 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:45:28.0578 3408 CCDECODE - ok
03:45:28.0625 3408 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
03:45:28.0625 3408 cd20xrnt - ok
03:45:28.0671 3408 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
03:45:28.0671 3408 Cdaudio - ok
03:45:28.0703 3408 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
03:45:28.0703 3408 Cdfs - ok
03:45:28.0718 3408 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:45:28.0734 3408 Cdrom - ok
03:45:28.0765 3408 [ 61305C679E5766A03A09C0E966939206 ] CFRMD C:\WINDOWS\system32\DRIVERS\CFRMD.sys
03:45:28.0765 3408 CFRMD - ok
03:45:28.0843 3408 [ 56A3EB5472D27B2224358A5CECEFE410 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
03:45:28.0859 3408 CGVPNCliSrvc - ok
03:45:28.0875 3408 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
03:45:28.0875 3408 CiSvc - ok
03:45:28.0875 3408 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
03:45:28.0890 3408 ClipSrv - ok
03:45:28.0890 3408 [ BEDDE57D8AF6509AF32E74A87583E89C ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
03:45:28.0890 3408 CLPSLauncher - ok
03:45:28.0906 3408 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:45:28.0906 3408 clr_optimization_v2.0.50727_32 - ok
03:45:28.0921 3408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:45:28.0921 3408 clr_optimization_v4.0.30319_32 - ok
03:45:28.0937 3408 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
03:45:28.0937 3408 CmBatt - ok
03:45:28.0984 3408 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
03:45:29.0000 3408 cmdAgent - ok
03:45:29.0015 3408 [ 26F9E72754B2DBC53977E92B647A6ABA ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
03:45:29.0015 3408 cmderd - ok
03:45:29.0031 3408 [ 9181CC4D007ADBE21DB9A11BFECAFEF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
03:45:29.0031 3408 cmdGuard - ok
03:45:29.0031 3408 [ C5A9FB50E8CA7FD99F256255FEE71580 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
03:45:29.0031 3408 cmdHlp - ok
03:45:29.0046 3408 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
03:45:29.0046 3408 CmdIde - ok
03:45:29.0062 3408 [ FE9AE698DC0772D43B8CEE78725BC7E6 ] CommIpw C:\WINDOWS\system32\DRIVERS\commipw.sys
03:45:29.0062 3408 CommIpw - ok
03:45:29.0062 3408 [ 0B4960731BF6A8C72056EFAED755B783 ] COMMSYM C:\WINDOWS\system32\DRIVERS\commsym.sys
03:45:29.0078 3408 COMMSYM - ok
03:45:29.0078 3408 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
03:45:29.0078 3408 Compbatt - ok
03:45:29.0093 3408 COMSysApp - ok
03:45:29.0109 3408 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
03:45:29.0109 3408 Cpqarray - ok
03:45:29.0125 3408 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
03:45:29.0125 3408 cpudrv - ok
03:45:29.0140 3408 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
03:45:29.0140 3408 cpuz135 - ok
03:45:29.0140 3408 [ 6074F74E60B18EEC03ADDDC45A46CC5E ] crpf C:\WINDOWS\system32\drivers\crpf.sys
03:45:29.0140 3408 crpf - ok
03:45:29.0156 3408 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
03:45:29.0156 3408 CryptSvc - ok
03:45:29.0156 3408 [ 70CAFAE4F44118991912FC8888AE9A92 ] csdf C:\WINDOWS\system32\drivers\csdf.sys
03:45:29.0156 3408 csdf - ok
03:45:29.0171 3408 [ 89CA27ED0EBD13FB0FF00DDCD5B48C39 ] CSN5PDTS82 C:\WINDOWS\system32\Drivers\CSN5PDTS82.sys
03:45:29.0171 3408 CSN5PDTS82 - ok
03:45:29.0171 3408 CSN5PDTS82x64 - ok
03:45:29.0187 3408 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
03:45:29.0187 3408 dac2w2k - ok
03:45:29.0203 3408 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
03:45:29.0203 3408 dac960nt - ok
03:45:29.0218 3408 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
03:45:29.0218 3408 DcomLaunch - ok
03:45:29.0218 3408 [ 8D8BC91B40CB413BF54B5154CB1F52DA ] DCSPGSRV C:\Program Files\ProcessGuard\dcsuserprot.exe
03:45:29.0234 3408 DCSPGSRV - ok
03:45:29.0234 3408 [ 13E9D581F1D3E769D3F359A7BAB89976 ] DefragFS C:\WINDOWS\system32\drivers\DefragFS.sys
03:45:29.0234 3408 DefragFS - ok
03:45:29.0250 3408 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe
03:45:29.0265 3408 DfSdkS - ok
03:45:29.0265 3408 dgderdrv - ok
03:45:29.0281 3408 [ 8D949255EDC6F4AA87730B8472106591 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
03:45:29.0281 3408 dg_ssudbus - ok
03:45:29.0281 3408 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
03:45:29.0281 3408 Dhcp - ok
03:45:29.0296 3408 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
03:45:29.0296 3408 Disk - ok
03:45:29.0296 3408 [ 1D95D36DB805787D54EB50E45ED4AF40 ] DLPortIO C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
03:45:29.0296 3408 DLPortIO - ok
03:45:29.0312 3408 dmadmin - ok
03:45:29.0328 3408 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
03:45:29.0343 3408 dmboot - ok
03:45:29.0343 3408 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
03:45:29.0343 3408 dmio - ok
03:45:29.0359 3408 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
03:45:29.0359 3408 dmload - ok
03:45:29.0359 3408 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
03:45:29.0359 3408 dmserver - ok
03:45:29.0375 3408 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
03:45:29.0375 3408 DMusic - ok
03:45:29.0390 3408 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
03:45:29.0390 3408 Dnscache - ok
03:45:29.0421 3408 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
03:45:29.0421 3408 Dot3svc - ok
03:45:29.0468 3408 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
03:45:29.0468 3408 Dot4 - ok
03:45:29.0468 3408 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
03:45:29.0468 3408 Dot4Print - ok
03:45:29.0484 3408 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
03:45:29.0484 3408 dot4usb - ok
03:45:29.0484 3408 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
03:45:29.0484 3408 dpti2o - ok
03:45:29.0531 3408 [ 02F0870C07872CC506C33E79883082B3 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
03:45:29.0546 3408 DragonUpdater - ok
03:45:29.0546 3408 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
03:45:29.0546 3408 drmkaud - ok
03:45:29.0578 3408 [ D61C44038A58FC8A9396432545B3CA2D ] DrvSnSht C:\Program Files\R-Drive Image\DrvSnSht.sys
03:45:29.0578 3408 DrvSnSht - ok
03:45:29.0578 3408 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
03:45:29.0578 3408 DSproct - ok
03:45:29.0593 3408 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
03:45:29.0593 3408 E100B - ok
03:45:29.0609 3408 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
03:45:29.0609 3408 EapHost - ok
03:45:29.0609 3408 [ D82414EC520453EFE2EBA936F6A9115A ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
03:45:29.0609 3408 EAPPkt - ok
03:45:33.0796 3408 sffp_sd - ok
03:45:33.0796 3408 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:45:33.0796 3408 Sfloppy - ok
03:45:33.0812 3408 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
03:45:33.0812 3408 SharedAccess - ok
03:45:33.0828 3408 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:45:33.0828 3408 ShellHWDetection - ok
03:45:33.0843 3408 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
03:45:33.0843 3408 sisagp - ok
03:45:33.0843 3408 [ BC9C2EF22EE0320C079E3FF9B4D29951 ] SIUSBXP C:\WINDOWS\system32\drivers\SiUSBXp.sys
03:45:33.0843 3408 SIUSBXP - ok
03:45:33.0859 3408 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
03:45:33.0859 3408 SkypeUpdate - ok
03:45:33.0875 3408 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:45:33.0875 3408 SLIP - ok
03:45:33.0890 3408 [ 4F7ED0C2F594F1B8E9CAFAB21EB86126 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
03:45:33.0890 3408 snapman - ok
03:45:33.0906 3408 [ A1FF7D99B199CEA1F3DF371BA70D2780 ] Sntnlusb C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
03:45:33.0906 3408 Sntnlusb - ok
03:45:33.0921 3408 [ C49AC412A5C58F29BEDA9F3D507F6B82 ] SocketLock C:\WINDOWS\system32\socketlock.sys
03:45:33.0921 3408 SocketLock - ok
03:45:33.0921 3408 [ E5B2FCEB43057FB6F9E76FC4EC04EAFC ] softctrl C:\WINDOWS\system32\DRIVERS\softctrl.sys
03:45:33.0921 3408 softctrl - ok
03:45:33.0937 3408 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
03:45:33.0937 3408 Sparrow - ok
03:45:33.0953 3408 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:45:33.0953 3408 splitter - ok
03:45:33.0953 3408 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:45:33.0953 3408 Spooler - ok
03:45:33.0984 3408 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLAgent$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
03:45:33.0984 3408 SQLAgent$MICROSOFTSMLBIZ - ok
03:45:34.0000 3408 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:45:34.0000 3408 sr - ok
03:45:34.0000 3408 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
03:45:34.0015 3408 srservice - ok
03:45:34.0031 3408 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:45:34.0031 3408 Srv - ok
03:45:34.0031 3408 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:45:34.0046 3408 SSDPSRV - ok
03:45:34.0046 3408 [ 15376507E439F73610F83947F1727E84 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
03:45:34.0046 3408 ssudmdm - ok
03:45:34.0062 3408 [ 0E550D3DDAC4CFC48602C262889590D9 ] ssudnflt C:\WINDOWS\system32\DRIVERS\ssudnflt.sys
03:45:34.0062 3408 ssudnflt - ok
03:45:34.0062 3408 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
03:45:34.0078 3408 StarOpen - ok
03:45:34.0109 3408 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
03:45:34.0125 3408 STHDA - ok
03:45:34.0125 3408 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
03:45:34.0125 3408 StillCam - ok
03:45:34.0156 3408 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:45:34.0156 3408 stisvc - ok
03:45:34.0171 3408 [ E3356A679491AD7B8FF4D51C1FDB0287 ] StMp3Rec C:\WINDOWS\system32\Drivers\StMp3Rec.sys
03:45:34.0171 3408 StMp3Rec - ok
03:45:34.0187 3408 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:45:34.0187 3408 streamip - ok
03:45:34.0187 3408 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:45:34.0203 3408 swenum - ok
03:45:34.0203 3408 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:45:34.0203 3408 swmidi - ok
03:45:34.0218 3408 [ 851681F7D3200E2A646C5EE4D4E9883D ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
03:45:34.0218 3408 swmsflt - ok
03:45:34.0234 3408 [ 7AE593FE3D78195987505DA0A7E91542 ] SWNC8U80 C:\WINDOWS\system32\DRIVERS\swnc8u80.sys
03:45:34.0234 3408 SWNC8U80 - ok
03:45:34.0250 3408 SwPrv - ok
03:45:34.0343 3408 [ 3076A3BB7C340BBF851075DD2EBAD03F ] SWUMX80 C:\WINDOWS\system32\DRIVERS\swumx80.sys
03:45:34.0343 3408 SWUMX80 - ok
03:45:34.0359 3408 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
03:45:34.0359 3408 symc810 - ok
03:45:34.0359 3408 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
03:45:34.0359 3408 symc8xx - ok
03:45:34.0406 3408 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
03:45:34.0406 3408 sym_hi - ok
03:45:34.0421 3408 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
03:45:34.0421 3408 sym_u3 - ok
03:45:34.0453 3408 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
03:45:34.0453 3408 SynTP - ok
03:45:34.0468 3408 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:45:34.0468 3408 sysaudio - ok
03:45:34.0484 3408 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:45:34.0484 3408 SysmonLog - ok
03:45:34.0500 3408 [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801 C:\WINDOWS\system32\DRIVERS\tap0801.sys
03:45:34.0500 3408 tap0801 - ok
03:45:34.0500 3408 [ DF436E7CA9AC042B2CECB791A9A9EA74 ] tap0801co C:\WINDOWS\system32\DRIVERS\tap0801co.sys
03:45:34.0500 3408 tap0801co - ok
03:45:34.0515 3408 [ 1E89DE7A4FB7A854EBB241D0AA8996DD ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
03:45:34.0515 3408 tap0901 - ok
03:45:34.0531 3408 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:45:34.0531 3408 TapiSrv - ok
03:45:34.0562 3408 [ CBEEBEB899E31EF52B962CB31FC8CA5C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:45:34.0562 3408 Tcpip - ok
03:45:34.0578 3408 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
03:45:34.0578 3408 Tcpip6 - ok
03:45:34.0593 3408 [ 4D96EE19D12304A048CC1F24F8D98389 ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys
03:45:34.0593 3408 tcpipBM - ok
03:45:34.0609 3408 [ 8AD9B543758DAC2CB2A6940FDBFD5468 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
03:45:34.0609 3408 TcUsb - ok
03:45:34.0609 3408 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:45:34.0609 3408 TDPIPE - ok
03:45:34.0640 3408 [ 8DE3E45000BA8C9EBB16737D3F83E216 ] tdrpman258 C:\WINDOWS\system32\DRIVERS\tdrpm258.sys
03:45:34.0640 3408 tdrpman258 - ok
03:45:34.0656 3408 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:45:34.0656 3408 TDTCP - ok
03:45:34.0750 3408 [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
03:45:34.0781 3408 TeamViewer8 - ok
03:45:34.0796 3408 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
03:45:34.0796 3408 teamviewervpn - ok
03:45:34.0796 3408 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:45:34.0796 3408 TermDD - ok
03:45:34.0812 3408 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
03:45:34.0812 3408 TermService - ok
03:45:34.0828 3408 [ 9D4BBD6E27B5562AEA8295DE7134E386 ] thdudf C:\WINDOWS\system32\DRIVERS\thdudf.sys
03:45:34.0828 3408 thdudf - ok
03:45:34.0843 3408 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
03:45:34.0843 3408 Themes - ok
03:45:34.0875 3408 [ 3E06987FEDBCDFBFF8E85EF8108565F9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
03:45:34.0875 3408 timounter - ok
03:45:34.0890 3408 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:45:34.0890 3408 TlntSvr - ok
03:45:34.0890 3408 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
03:45:34.0890 3408 TosIde - ok
03:45:34.0906 3408 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:45:34.0906 3408 TrkWks - ok
03:45:34.0921 3408 [ 075B938565A580E0A880EB0E403A356B ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys
03:45:34.0921 3408 truecrypt - ok
03:45:34.0937 3408 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
03:45:34.0937 3408 tunmp - ok
03:45:34.0953 3408 [ 0A284C111B3F1F080553516832A049D5 ] TVICHW32 C:\WINDOWS\system32\drivers\TVICHW32.sys
03:45:34.0953 3408 TVICHW32 - ok
03:45:34.0984 3408 [ AAF458CC200326BEF602B5339400BF86 ] tvnserver C:\Program Files\Common Files\Comodo\tvnserver.exe
03:45:34.0984 3408 tvnserver - ok
03:45:35.0000 3408 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:45:35.0000 3408 Udfs - ok
03:45:35.0015 3408 [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60 C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
03:45:35.0015 3408 ufad-ws60 - ok
03:45:35.0031 3408 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
03:45:35.0031 3408 ultra - ok
03:45:35.0046 3408 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
03:45:35.0062 3408 UMVPFSrv - ok
03:45:35.0078 3408 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:45:35.0093 3408 Update - ok
03:45:35.0109 3408 [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean C:\Program Files\UPHClean\uphclean.exe
03:45:35.0109 3408 UPHClean - ok
03:45:35.0125 3408 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
03:45:35.0125 3408 upnphost - ok
03:45:35.0125 3408 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
03:45:35.0140 3408 UPS - ok
03:45:35.0140 3408 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
03:45:35.0156 3408 usbaudio - ok
03:45:35.0156 3408 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:45:35.0156 3408 usbccgp - ok
03:45:35.0171 3408 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:45:35.0171 3408 usbehci - ok
03:45:35.0187 3408 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:45:35.0187 3408 usbhub - ok
03:45:35.0203 3408 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:45:35.0203 3408 usbprint - ok
03:45:35.0203 3408 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:45:35.0203 3408 usbscan - ok
03:45:35.0218 3408 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:45:35.0218 3408 USBSTOR - ok
03:45:35.0234 3408 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:45:35.0234 3408 usbuhci - ok
03:45:35.0234 3408 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
03:45:35.0250 3408 usbvideo - ok
03:45:35.0250 3408 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
03:45:35.0250 3408 usb_rndisx - ok
03:45:35.0265 3408 UTEWP - ok
03:45:35.0281 3408 [ 9B7D30E837C80EC406676C0FE784107F ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
03:45:35.0281 3408 VBoxDrv - ok
03:45:35.0281 3408 [ E34CB1E4756B465CC832354162DFCEF0 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
03:45:35.0296 3408 VBoxNetAdp - ok
03:45:35.0296 3408 [ A2229877303764021C088E6400B3E063 ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
03:45:35.0296 3408 VBoxUSBMon - ok
03:45:35.0312 3408 [ D1528FA039FF71779A3EA6296F746A23 ] vdiskbus C:\WINDOWS\system32\DRIVERS\vdiskbus.sys
03:45:35.0312 3408 vdiskbus - ok
03:45:35.0312 3408 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:45:35.0312 3408 VgaSave - ok
03:45:35.0328 3408 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
03:45:35.0328 3408 viaagp - ok
03:45:35.0343 3408 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
03:45:35.0343 3408 ViaIde - ok
03:45:35.0343 3408 [ 6FC9B272B838EE8F5FA0E4A7E971154A ] VMAuthdService C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
03:45:35.0343 3408 VMAuthdService - ok
03:45:35.0359 3408 [ C9561DCBEDA5B700752E3F7049B2D6F2 ] vmci C:\WINDOWS\system32\Drivers\vmci.sys
03:45:35.0359 3408 vmci - ok
03:45:35.0375 3408 [ DCD2F4A14795E8A8114A7CAE2A9B9465 ] vmkbd C:\WINDOWS\system32\drivers\VMkbd.sys
03:45:35.0375 3408 vmkbd - ok
03:45:35.0375 3408 [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
03:45:35.0375 3408 VMnetAdapter - ok
03:45:35.0390 3408 [ AF55D6A291F99146C9B6419028FED844 ] VMnetBridge C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
03:45:35.0390 3408 VMnetBridge - ok
03:45:35.0406 3408 [ 8BB18290BAA79BFB99475223E0585CA5 ] VMnetDHCP C:\WINDOWS\system32\vmnetdhcp.exe
03:45:35.0421 3408 VMnetDHCP - ok
03:45:35.0421 3408 [ ECBE41A85C852BCD2FD12281E8F9D833 ] VMnetuserif C:\WINDOWS\system32\drivers\vmnetuserif.sys
03:45:35.0437 3408 VMnetuserif - ok
03:45:35.0437 3408 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb C:\WINDOWS\system32\Drivers\vmusb.sys
03:45:35.0437 3408 vmusb - ok
03:45:35.0468 3408 [ F22098DBDD13C1221C274496B3E18DA7 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
03:45:35.0468 3408 VMUSBArbService - ok
03:45:35.0515 3408 [ 94108996405446AE95F56606FD702A43 ] VMware NAT Service C:\WINDOWS\system32\vmnat.exe
03:45:35.0515 3408 VMware NAT Service - ok
03:45:35.0546 3408 [ 626D103EF74B9C2E9F7B5D3BE9007FBA ] vmx86 C:\WINDOWS\system32\Drivers\vmx86.sys
03:45:35.0546 3408 vmx86 - ok
03:45:35.0562 3408 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:45:35.0562 3408 VolSnap - ok
03:45:35.0578 3408 [ 53F064EDEC4A0B7D4281E9E87813F90A ] VSBC C:\WINDOWS\system32\DRIVERS\evsbc.sys
03:45:35.0578 3408 VSBC - ok
03:45:35.0593 3408 [ 725DACCA72FA24D5A4E12FB2D9775872 ] vsbus C:\WINDOWS\system32\DRIVERS\vsb.sys
03:45:35.0593 3408 vsbus - ok
03:45:35.0593 3408 [ 05242D114FB71F62A9BFF702EF180E08 ] vserial C:\WINDOWS\system32\DRIVERS\vserial.sys
03:45:35.0593 3408 vserial - ok
03:45:35.0625 3408 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
03:45:35.0625 3408 VSS - ok
03:45:35.0625 3408 [ 98929C5C5314C4C048E2F60492C26723 ] vstor2-ws60 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
03:45:35.0640 3408 vstor2-ws60 - ok
03:45:35.0656 3408 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
03:45:35.0656 3408 w32time - ok
03:45:35.0687 3408 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
03:45:35.0703 3408 w39n51 - ok
03:45:35.0718 3408 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:45:35.0718 3408 Wanarp - ok
03:45:35.0734 3408 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
03:45:35.0734 3408 wceusbsh - ok
03:45:35.0765 3408 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
03:45:35.0765 3408 Wdf01000 - ok
03:45:35.0781 3408 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:45:35.0781 3408 wdmaud - ok
03:45:35.0796 3408 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
03:45:35.0796 3408 WebClient - ok
03:45:35.0812 3408 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
03:45:35.0812 3408 winachsf - ok
03:45:35.0843 3408 [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
03:45:35.0843 3408 WinDriver6 - ok
03:45:35.0859 3408 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:45:35.0859 3408 winmgmt - ok
03:45:35.0906 3408 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
03:45:35.0921 3408 WinRM - ok
03:45:35.0937 3408 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
03:45:35.0953 3408 WinUSB - ok
03:45:35.0953 3408 [ DDA0A4CCAA58CFD178771F268E23F88C ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
03:45:35.0968 3408 WLANKEEPER - ok
03:45:35.0968 3408 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
03:45:35.0968 3408 WmdmPmSN - ok
03:45:36.0000 3408 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
03:45:36.0000 3408 Wmi - ok
03:45:36.0015 3408 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
03:45:36.0015 3408 WmiAcpi - ok
03:45:36.0031 3408 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:45:36.0031 3408 WmiApSrv - ok
03:45:36.0046 3408 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
03:45:36.0062 3408 WMPNetworkSvc - ok
03:45:36.0062 3408 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
03:45:36.0078 3408 WpdUsb - ok
03:45:36.0125 3408 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:45:36.0125 3408 WPFFontCache_v0400 - ok
03:45:36.0140 3408 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:45:36.0140 3408 WS2IFSL - ok
03:45:36.0140 3408 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
03:45:36.0156 3408 WsAudio_DeviceS(1) - ok
03:45:36.0156 3408 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
03:45:36.0156 3408 WsAudio_DeviceS(2) - ok
03:45:36.0171 3408 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
03:45:36.0171 3408 WsAudio_DeviceS(3) - ok
03:45:36.0187 3408 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
03:45:36.0187 3408 WsAudio_DeviceS(4) - ok
03:45:36.0187 3408 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
03:45:36.0187 3408 WsAudio_DeviceS(5) - ok
03:45:36.0203 3408 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
03:45:36.0203 3408 wscsvc - ok
03:45:36.0218 3408 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:45:36.0218 3408 WSTCODEC - ok
03:45:36.0234 3408 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
03:45:36.0234 3408 wuauserv - ok
03:45:36.0265 3408 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:45:36.0265 3408 WudfPf - ok
03:45:36.0281 3408 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:45:36.0281 3408 WudfRd - ok
03:45:36.0296 3408 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
03:45:36.0296 3408 WudfSvc - ok
03:45:36.0328 3408 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:45:36.0328 3408 WZCSVC - ok
03:45:36.0343 3408 xDump - ok
03:45:36.0359 3408 [ B5A91AC679808D19F6F56509A4C63D4E ] XLink LPD C:\Program Files\Nfserver\lpd.exe
03:45:36.0359 3408 XLink LPD - ok
03:45:36.0375 3408 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:45:36.0375 3408 xmlprov - ok
03:45:36.0390 3408 YZHDED - ok
03:45:36.0406 3408 [ 9A85EAF23FCCA8F3E056159802E81B49 ] ZentimoService C:\Program Files\Zentimo\ZentimoService.exe
03:45:36.0406 3408 ZentimoService - ok
03:45:36.0437 3408 [ 6E179617CCCBB28A625E4D3E8372BC99 ] ZRTP C:\WINDOWS\system32\DRIVERS\zrtp.sys
03:45:36.0453 3408 ZRTP - ok
03:45:36.0515 3408 [ A1A3F0E6A4584F601E8ACC92F526F5BE ] ZSMC301b C:\WINDOWS\system32\Drivers\usbVM31b.sys
03:45:36.0531 3408 ZSMC301b - ok
03:45:36.0578 3408 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
03:45:36.0578 3408 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
03:45:36.0812 3408 ================ Scan global ===============================
03:45:36.0828 3408 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
03:45:36.0828 3408 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
03:45:36.0843 3408 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
03:45:36.0859 3408 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
03:45:36.0859 3408 [Global] - ok
03:45:36.0859 3408 ================ Scan MBR ==================================
03:45:36.0859 3408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:45:37.0406 3408 \Device\Harddisk0\DR0 - ok
03:45:37.0406 3408 ================ Scan VBR ==================================
03:45:37.0406 3408 [ BEF6E85D6F8D5894AB5DCD939E8026AC ] \Device\Harddisk0\DR0\Partition1
03:45:37.0406 3408 \Device\Harddisk0\DR0\Partition1 - ok
03:45:37.0406 3408 [ 64B1EF7CA5AE16B8B0AA954558B5076E ] \Device\Harddisk0\DR0\Partition2
03:45:37.0406 3408 \Device\Harddisk0\DR0\Partition2 - ok
03:45:37.0406 3408 ============================================================
03:45:37.0406 3408 Scan finished
03:45:37.0406 3408 ============================================================
03:45:37.0421 4800 Detected object count: 0
03:45:37.0421 4800 Actual detected object count: 0
03:45:48.0562 4808 Deinitialize success

Edited by Jayman007, 25 December 2012 - 03:46 PM.
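
One way to triage a TDSSKiller listing like the one above, as an added example that is not code from the thread or from the tool's authors: it parses the `[ MD5 ] Name path` / `Name - ok` pairs, flags registrations that got a verdict without any hashed image (SwPrv, UTEWP, xDump and YZHDED in the log above, the last of which matches the Temp\YZHDED.exe the responder asks about next) and flags images outside the standard system locations. The sample log, the `ConstructedSvc` entry and its all-zero MD5 are constructed for the example.

```python
"""Triage helper for the TDSSKiller service listing posted above (added
example, not code from the thread or from the tool's authors).  Each service
or driver appears as a hash line, '[ MD5 ] Name C:\\path', followed by a
verdict line, 'Name - ok'.  A verdict with no hash line before it means no
image file was hashed for that registration (SwPrv, UTEWP, xDump, YZHDED
above); those are the entries a responder checks by hand."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\Device\\).*)$")
VERDICT_RE = re.compile(r"^(.+?) - (\S.*)$")
SECTION_RE = re.compile(r"^=+ Scan (\w+) =+$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Where a service image normally lives on an XP box; anything else
# (user profile, Temp, drive root) is worth a second look.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: lines in the format of the log above, plus one
# constructed entry (ConstructedSvc, all-zero MD5) whose image sits in a
# user Temp directory so the location rule has something to fire on.
SAMPLE_LOG = r"""
03:45:33.0218 3408 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
03:45:33.0218 3408 RpcSs - ok
03:45:33.0609 3408 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
03:45:33.0625 3408 Secunia PSI Agent - ok
03:45:34.0250 3408 SwPrv - ok
03:45:36.0390 3408 YZHDED - ok
03:45:36.0400 3408 [ 00000000000000000000000000000000 ] ConstructedSvc C:\Documents and Settings\Jay\Local Settings\Temp\constructed.exe
03:45:36.0401 3408 ConstructedSvc - ok
03:45:36.0812 3408 ================ Scan global ===============================
03:45:36.0828 3408 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
03:45:36.0859 3408 [Global] - ok
03:45:37.0421 4800 Detected object count: 0
"""


@dataclass
class Entry:
    name: str
    section: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Tuple[List[Entry], Optional[int]]:
    """Return entries in log order plus the reported detection count."""
    entries: Dict[str, Entry] = {}
    section = "services"  # the excerpt above starts inside this section
    detected: Optional[int] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3)
        if s := SECTION_RE.match(body):
            section = s.group(1)
        elif c := COUNT_RE.match(body):
            detected = int(c.group(1))
        # Hash lines are tested before verdict lines: a path such as
        # 'Spybot - Search & Destroy 2' would otherwise look like a verdict.
        elif h := HASH_RE.match(body):
            name = h.group(2) or h.group(3)  # global-scan lines carry no name
            e = entries.setdefault(name, Entry(name, section))
            e.md5, e.path = h.group(1).upper(), h.group(3)
        elif v := VERDICT_RE.match(body):
            e = entries.setdefault(v.group(1), Entry(v.group(1), section))
            e.verdict = v.group(2)
    return list(entries.values()), detected


def unhashed_services(entries: List[Entry]) -> List[str]:
    """Registrations that received a verdict but no image hash."""
    return [e.name for e in entries
            if e.section == "services" and e.verdict and e.md5 is None]


def nonstandard_images(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Hashed images living outside %SystemRoot% and Program Files."""
    return [(e.name, e.path) for e in entries
            if e.section == "services" and e.path
            and not e.path.lower().startswith(STANDARD_ROOTS)]


def triage(text: str) -> dict:
    entries, detected = parse_log(text)
    return {"detected": detected,
            "unhashed": unhashed_services(entries),
            "nonstandard": nonstandard_images(entries)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full TDSSKiller log by passing the file contents to `triage`; an unhashed entry is a lead to verify, not a verdict in itself.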


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • Gender:Male
  • Location:California
  • Local time:11:09 PM

Posted 25 December 2012 - 04:41 PM

Hi Jason,

That report looks good. I would like to do some follow-up on a few entries which showed up in the Combofix report.

Please do this for me.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    DirLook::
    c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
    c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
    RegNull::
    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}*]
    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}*]
    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}*]
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Please do the following for each of the listed files
  • Select Choose File
  • Navigate to the following file, double click on the file so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

    c:\windows\java\x.exe
    c:\documents and settings\Jay\Application Data\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
    c:\documents and settings\Jay\Local Settings\Temp\YZHDED.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply


    Posted Image

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix log
  • Virustotal links

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#13 Jayman007

Jayman007
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:09 PM

Posted 26 December 2012 - 03:13 AM

OK, so the error I receive when I try to boot the command console is

"Disk Read Error Occurred. Press Ctrl-Alt-Del to restart"

I ran the VirusTotal scan on 2 of the 3 entries you listed, as the 3rd entry was no longer on my HDD and there were no .exe files in that location. The 2 I did upload and reanalyze seem to be clean.

https://www.virustotal.com/file/acd3a51dde4e1822b4ca2bccb0968cfa307bb94d8eb0575350aaa18696157ab4/analysis/1356506953/
https://www.virustotal.com/file/2e66eb83e4c3628772b4ff1f209511023d7f2662febf19064b2b7f1bafe0db20/analysis/1356507038/


Here is the ComboFix log after running as per your instructions. The only thing that was non-standard is they told me a newer version was available and asked if I wanted to update, to which I answered "yes".

ComboFix 12-12-25.02 - Jay 12/26/2012 14:38:58.16.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1994 [GMT 7:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\cfscript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jay\Local Settings\Application Data\assembly\tmp
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-21 17:30 . 2012-12-21 17:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-12-21 16:44 . 2012-12-21 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2012-12-21 16:43 . 2012-12-21 16:43 -------- d-----w- c:\program files\IObit
2012-12-21 07:30 . 2012-12-21 07:30 -------- d-----w- c:\program files\Elcomsoft Password Recovery
2012-12-21 07:30 . 2012-12-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Elcomsoft Password Recovery
2012-12-19 17:54 . 2009-01-25 05:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-19 17:54 . 2012-12-19 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-19 17:37 . 2012-12-19 17:37 -------- d-----w- C:\Emsisoft
2012-12-18 01:59 . 2012-12-18 01:59 -------- d-----w- C:\VritualRoot
2012-12-18 01:57 . 2012-12-18 10:13 40496 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-18 01:49 . 2012-12-18 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-12-17 19:07 . 2012-12-17 19:07 -------- d-----w- c:\program files\PipStrider™
2012-12-17 15:15 . 2012-12-17 15:15 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Secomba_GmbH
2012-12-17 15:06 . 2012-12-04 11:44 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
2012-12-17 15:06 . 2012-12-04 11:45 235880 ----a-w- c:\windows\system32\cbfsNetRdr4.dll
2012-12-17 15:05 . 2012-12-04 11:45 9064 ----a-w- c:\windows\system32\elevtmsg.dll
2012-12-17 15:05 . 2012-12-04 11:37 314376 ----a-w- c:\windows\system32\drivers\cbfs4.sys
2012-12-17 15:05 . 2012-12-17 15:06 -------- d-----w- c:\program files\BoxCryptor
2012-12-17 14:41 . 2012-12-17 14:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-17 14:11 . 2012-12-17 14:11 -------- d-----w- c:\documents and settings\Jay\Application Data\Uninstaller Tool(Comodo Forums)
2012-12-17 09:15 . 2012-12-17 09:15 -------- d-----w- c:\documents and settings\Jay\YamicsoftDisabled
2012-12-16 21:47 . 2012-12-16 21:47 -------- d-----w- c:\documents and settings\Jay\Application Data\osphone
2012-12-16 21:46 . 2012-12-16 21:46 -------- d-----w- c:\program files\OneSuite
2012-12-14 02:26 . 2012-12-14 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-12-14 02:04 . 2012-12-14 02:04 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 16:12 . 2012-12-12 16:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
2012-12-07 14:35 . 2012-08-14 21:52 54784 ------w- c:\windows\system32\Forex Trader Console.exe
2012-12-07 14:35 . 2012-08-08 15:02 1626624 ------w- c:\windows\system32\OU_Loader.dll
2012-12-07 14:35 . 2012-12-07 14:35 -------- d-----w- c:\program files\Fly Right Software
2012-12-06 12:01 . 2012-12-06 12:01 -------- d-----w- c:\program files\Dropbox
2012-11-26 10:36 . 2012-11-26 10:36 -------- d-----w- c:\documents and settings\Jay\Application Data\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-15 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 02:39 . 2012-06-18 12:38 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-14 02:04 . 2012-01-15 13:52 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-14 02:04 . 2010-04-29 08:42 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-12 16:12 . 2012-07-24 11:46 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2012-12-12 02:30 . 2012-09-11 09:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 02:30 . 2012-09-11 09:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-28 17:49 . 2010-03-11 09:17 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-11-22 00:43 . 2010-12-23 19:00 112480 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-11-16 12:08 . 2012-08-25 11:18 11004488 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-11-13 01:25 . 2008-04-15 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:37 . 2011-10-21 09:02 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-12-19 11:58 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-07 16:38 . 2012-11-07 16:38 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 16:38 . 2012-11-07 16:38 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 16:38 . 2012-11-07 16:38 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 16:38 . 2012-11-07 16:38 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-02 02:02 . 2008-04-15 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 23:36 . 2012-10-26 23:36 98304 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2012-10-24 20:12 . 2012-10-24 20:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 20:12 . 2012-10-24 20:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-04 10:28 . 2012-10-04 10:28 241016 ----a-w- c:\windows\system32\PDBoot.exe
2012-10-03 19:01 . 2012-10-03 19:01 20240 ----a-w- c:\windows\system32\plkmon32.dll
2012-10-02 20:49 . 2012-10-02 20:49 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 23:43 . 2010-10-13 18:25 30601 ----a-w- c:\windows\java\x.exe
2012-09-30 20:18 . 2012-09-30 20:18 3712 ----a-w- c:\windows\system32\socketlock.sys
2012-09-29 12:54 . 2012-01-02 21:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 10:52 . 2012-09-27 10:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F} ----
.
2012-12-21 16:44 . 2012-12-21 16:44 65 --sh--r- c:\documents and settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}\desktop.ini
.
---- Directory of c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529} ----
.
2012-12-12 16:12 . 2012-12-12 16:12 92 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\instance.dat
2012-12-12 16:12 . 2012-12-12 16:12 9 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.lan
2012-12-12 16:12 . 2012-12-12 16:12 3636 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.par
2012-12-12 16:12 . 2012-12-12 16:12 243 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.dat
2012-12-12 16:12 . 2012-12-04 16:26 579156 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\mia.lib
2012-12-12 16:12 . 2012-12-04 16:26 18132663 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.res
2012-12-12 16:12 . 2012-12-04 16:26 430080 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.msi
2012-12-12 16:12 . 2012-12-04 16:26 2686480 -c--a-w- c:\documents and settings\All Users\Application Data\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}\Setup.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-18 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2010-05-17 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{A55BFE96-9CB8-4A86-90D1-2EC7AB9AC251}"
[HKEY_CLASSES_ROOT\CLSID\{A55BFE96-9CB8-4A86-90D1-2EC7AB9AC251}]
2012-12-04 11:44 170344 ----a-w- c:\windows\system32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupMonitor"="c:\windows\StartupMonitor.exe" [2000-05-20 86016]
"pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
"StatBar"="c:\program files\GLOBE SOFTWARE\StatBar\StatBar.exe" [2010-08-19 335872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-03-28 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-28 1210640]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2012-06-08 431760]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-12-04 14597616]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-11-26 3365288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-25 11004488]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-8-25 11004488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 00000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{572E54EA-AF74-4A20-B30D-1B0254DBC2F1}"= "c:\windows\system32\cbfsMntNtf4.dll" [2012-12-04 170344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {572E54EA-AF74-4A20-B30D-1B0254DBC2F1} - c:\windows\system32\cbfsMntNtf4.dll [2012-12-04 170344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-11-02 13:48 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KeyScrambler]
2012-03-08 05:05 113464 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-12-14 18:43 788744 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk /r \??\c:\0autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-11-08 00:06 109336 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Gizmo Project\\mDNSResponder.exe"=
"c:\\Program Files\\Gizmo Project\\Gizmo.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"d:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"=
"c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=
"d:\\Downloads\\utorrent_4.exe"=
"d:\\Downloads\\utorrent_5.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\IDA\\idag.exe"=
"c:\\Program Files\\IDA\\idag64.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Input Director\\InputDirectorClipboardHelper.exe"=
"c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 23:39 21512]
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [3/5/2012 23:31 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [3/5/2012 23:31 39440]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2/21/2007 03:53 30820]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/16/2010 17:29 57312]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2010 01:35 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/25/2010 04:20 911680]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [3/12/2012 03:44 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [3/12/2012 03:44 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [3/12/2012 03:44 11776]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [12/1/2011 22:33 25248]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [7/24/2012 18:46 81720]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 22:00 14949]
R1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [12/17/2012 22:05 314376]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [8/3/2012 10:23 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11/7/2012 23:38 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/7/2012 23:38 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/7/2012 23:38 32640]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [4/10/2012 16:25 28184]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [6/11/2008 19:05 29768]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/24/2010 02:00 112480]
R1 ProtectorDriver;ZeroVulnerabilityLabs ExploitShield;c:\program files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.sys [9/28/2012 21:56 44472]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [11/22/2010 06:06 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [11/22/2010 06:06 41936]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/11 23:01];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 87536]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [3/12/2012 03:44 3190272]
R2 AKEProtect;AKEProtect;c:\program files\Anti Keylogger Elite\AKEProtect.sys [12/17/2007 00:26 13351]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [8/16/2012 09:14 70352]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [8/4/2011 21:19 21992]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [4/30/2010 23:30 31744]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [12/19/2012 21:03 1868432]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [7/10/2009 19:56 38144]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 19:45 12416]
R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [11/21/2008 13:38 21888]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [12/5/2012 21:16 446664]
R2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [12/15/2011 08:01 36864]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [9/18/2012 14:28 197128]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [9/18/2012 14:28 69640]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [8/23/2012 17:56 69016]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [4/30/2010 23:30 26688]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [10/1/2012 03:18 3712]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/18/2012 09:25 3463080]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/20/2010 16:19 66944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [8/19/2011 09:26 450848]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768]
R2 ZentimoService;Zentimo Assistant;c:\program files\Zentimo\ZentimoService.exe [11/3/2010 19:55 262800]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [3/12/2012 03:44 54072]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/25/2008 17:55 173880]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [7/26/2012 22:26 6609920]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/21/2007 18:22 47360]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 16:17 25088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2/21/2007 03:47 35107]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [10/29/2007 04:23 26448]
R3 ZRTP;ZRTP Service;c:\windows\system32\drivers\zrtp.sys [3/22/2009 20:43 1052768]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys --> c:\windows\system32\Drivers\CSN5PDTS82x64.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/20/2012 00:54 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 160944]
S3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/10/2009 23:04 814344]
S3 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/26/2011 09:32 37280]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/25/2010 04:20 160704]
S3 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/25/2010 04:20 2480048]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/5/2008 05:09 111896]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 25864]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [10/28/2011 17:39 2428968]
S3 CommIpw;[CommView] Intel® PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [10/27/2008 20:23 238080]
S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [10/27/2008 20:23 91392]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 11336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/1/2012 20:14 66112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [9/19/2000 11:16 3584]
S3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [11/1/2008 22:46 94608]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/11/2012 17:59 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/11/2012 17:59 8456]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [10/29/2007 04:23 52944]
S3 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [3/24/2010 11:40 686360]
S3 Ext2Mgr;Ext2 Volume Manger;c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide --> c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/19/2008 06:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/9/2008 02:00 59648]
S3 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [5/1/2008 08:52 200704]
S3 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\Google\Update\GoogleUpdate.exe [10/16/2009 01:49 133104]
S3 HNMQL;HNMQL;c:\docume~1\Jay\LOCALS~1\Temp\HNMQL.exe --> c:\docume~1\Jay\LOCALS~1\Temp\HNMQL.exe [?]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 17:53 13672]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 14:58 26248]
S3 kguard;kguard;\??\c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys --> c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/3/2012 04:29 22856]
S3 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/17/2012 20:58 399432]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2012 04:29 676936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/16/2010 07:45 35088]
S3 Omni-NFS Server;Omni-NFS Server;c:\program files\Nfserver\nfsd.exe [7/25/2007 02:10 237626]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2009 15:25 22131]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Jay\Desktop\WINAIR~1.6\PEEK5.SYS [4/15/2012 02:41 13184]
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/3/2003 05:47 666624]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 21:19 15544]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [5/15/2010 04:29 38976]
S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [12/3/2009 00:06 126542]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/19/2007 00:03 25773]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/15/2010 15:14 27064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [7/19/2009 02:00 335104]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [10/22/2010 00:14 599936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [7/10/2009 17:16 323328]
S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [10/30/2008 09:52 35840]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/20/2012 00:54 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/20/2012 00:54 1369624]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [6/27/2012 14:25 1326176]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [6/27/2012 14:25 681056]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [12/12/2005 08:36 9760]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/1/2012 20:14 180672]
S3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\drivers\ssudnflt.sys [1/1/2012 20:14 15936]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/21/2008 03:35 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/21/2008 03:36 142976]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 19:37 26624]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [7/10/2004 21:54 24576]
S3 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [1/27/2012 09:47 828944]
S3 UTEWP;UTEWP;c:\docume~1\Jay\LOCALS~1\Temp\UTEWP.exe --> c:\docume~1\Jay\LOCALS~1\Temp\UTEWP.exe [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [10/8/2010 15:57 100560]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [10/6/2011 19:00 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [10/6/2011 19:07 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [10/6/2011 19:09 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [10/6/2011 19:11 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [10/6/2011 19:12 25704]
S3 XLink LPD;XLink LPD;c:\program files\Nfserver\Lpd.exe [7/25/2007 02:10 118784]
S3 YZHDED;YZHDED;c:\docume~1\Jay\LOCALS~1\Temp\YZHDED.exe --> c:\docume~1\Jay\LOCALS~1\Temp\YZHDED.exe [?]
S4 BootlogService;BootlogService;c:\program files\Greatis\BootLog XP\BootLogService.exe [6/30/2010 23:47 65248]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [9/7/2011 19:18 406016]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 01:58 258048]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [11/23/2011 18:16 135584]
S4 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\GFI\LANguard 9.0\lnssatt.exe [7/9/2009 22:02 329072]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/29/2008 05:31 12856]
S4 MyConnectionServer-24cecd90;Visualware MyConnection Server (#24cecd90);c:\program files\MyConnection Server\msserver.exe [6/8/2010 08:31 639708]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 02:30]
.
2012-12-26 c:\windows\Tasks\ExploitShield.job
- c:\program files\ZeroVulnerabilityLabs\ExploitShield\Loader32.exe [2012-12-17 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;192.168.1.1/32
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: LastPass - file://c:\documents and settings\Jay\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\Jay\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: bankofamerica.com
Trusted Zone: commerceonline.com
Trusted Zone: ingdirect.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
Trusted Zone: wamu.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3E674A5-B19F-440B-B309-579EAB421B0D}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E6C50908-72A7-4C6C-A37F-3E492BFA656B}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-22 06:44; ascsurfingprotection@iobit.com; c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\ascsurfingprotection@iobit.com
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-26 14:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\LocalService\Software\AppDataLow\ISWVolatile]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-20\Software\Adobe\Adobe Acrobat]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-20\Software\AppDataLow\ISWVolatile]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\KeyScramblerLogon.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll
c:\program files\Common Files\SPBA\vtapipql.dll
c:\windows\system32\cbfsNetRdr4.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(5832)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\AD MUNCHER\AM32-33707.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\WS2HELP.dll
c:\documents and settings\Jay\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\cbfsMntNtf4.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\cbfsNetRdr4.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(972)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\eHome\ehSched.exe
c:\program files\Input Director\InputDirectorSessionHelper.exe
c:\program files\Java\jre1.7.0_09\bin\jqs.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
c:\program files\ARSCLIP\ARSCLIP.EXE
c:\program files\LAUNCHY\LAUNCHY.EXE
c:\program files\ZENTIMO\ZENTIMO.EXE
c:\program files\AD MUNCHER\ADMUNCH.EXE
c:\program files\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
c:\program files\BASTA COMPUTING\HORAS\HORAS.EXE
c:\program files\SKYPE\PHONE\SKYPE.EXE
c:\program files\EVERNOTE\EVERNOTE\EVERNOTECLIPPER.EXE
c:\program files\DESKSWARE\POWER FAVORITES\BOOKMARK.EXE
c:\program files\NOTE MANIA\NOTEMANIA.EXE
c:\documents and settings\Jay\Desktop\DESKTOP\DESKTOP NOV 09\procexp.exe
.
**************************************************************************
.
Completion time: 2012-12-26 15:07:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-26 08:07
ComboFix2.txt 2012-12-24 18:56
.
Pre-Run: 205,725,171,712 bytes free
Post-Run: 205,825,667,072 bytes free
.
- - End Of File - - 2745995E92181EDAC3EA77EE2FAB9562

#14 Jayman007

  • Topic Starter
  • Members
  • 18 posts

Posted 26 December 2012 - 03:17 AM

I should add that I used to have the cmd console installed and working fine, but when I migrated my HDD to a newer (larger) HDD I was never able to boot the cmd console again after that. I subsequently removed it from my c: drive as well as from the boot.ini menu. I would very much like to get it working again, but I have tried to install it manually as well and have had no success getting it to boot. No idea why this new drive won't boot it (it's a hybrid drive, if that makes a difference).

#15 Oh My!

Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,457 posts
  • Gender:Male
  • Location:California

Posted 26 December 2012 - 09:30 AM

Hi Jason,

Thanks for the effort. I feel better now knowing those files are not infected. Also, the other registry entries we checked under the "RegNull" section of the Combofix fix were removed. In simple terms, what that command does is sort of unpack the entries, because they have strange characters, and then once that is done those entries are evaluated and deleted if necessary. It was necessary. :thumbup2:

When you say Command Console I am assuming you mean the same thing as the XP Recovery Console. There is a particular way to uninstall that. If not done properly you may very well experience complications in trying to resurrect it.

Please consider this tutorial and see if there are any additional steps we need to take.

Please let me know how this goes and what symptoms you are still experiencing. We still have a few programs to update once we determine your computer is clean and functioning properly.

Please do this as well.


===================================================


screen317's Security Check

--------------------

  • Please download screen317's Security Check to your desktop
  • Double-click the Security Check icon
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Status of Recovery Console
  • Security Check results

Edited by Oh My, 26 December 2012 - 09:33 AM.
Added Security Check

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
