Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Re-direct Virus (certain websites only) [Solved]


  • This topic is locked This topic is locked

#1
360nourishment

360nourishment

    Member

  • Member
  • PipPipPip
  • 127 posts
Hello,

It looks like I have a re-direct virus on my computer, however, the virus appears to only affect certain random websites.

I've ran Malawarebytes, an avast scan and super Anti-Spyware. All clean.
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please follow the steps below:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply

Step 2

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    %Temp%\smtmp\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • aswMBR log and attached MBR.dat file
  • OTL scan log
  • Extras log

  • 0

#3
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hello,

Here are the posts and attachments in the order requested.

MBR (post)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 10:09:45
-----------------------------
10:09:45.250 OS Version: Windows 5.1.2600 Service Pack 3
10:09:45.250 Number of processors: 1 586 0xD08
10:09:45.250 ComputerName: TAHEERAH-5F0699 UserName: Taheerah
10:09:47.031 Initialize success
10:09:48.515 AVAST engine defs: 12071901
10:10:16.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:10:16.640 Disk 0 Vendor: TOSHIBA_MK4026GAX PA102D Size: 38154MB BusType: 3
10:10:16.656 Disk 0 MBR read successfully
10:10:16.656 Disk 0 MBR scan
10:10:16.656 Disk 0 Windows XP default MBR code
10:10:16.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 37173 MB offset 63
10:10:16.687 Disk 0 Partition 2 00 1C Hidd FAT32 LBA BOOTWIZ0 980 MB offset 76132035
10:10:16.703 Disk 0 scanning sectors +78140160
10:10:16.765 Disk 0 scanning C:\WINDOWS\system32\drivers
10:10:29.265 Service scanning
10:10:46.187 Modules scanning
10:10:53.296 Disk 0 trace - called modules:
10:10:53.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
10:10:53.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e45ab8]
10:10:53.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e42940]
10:10:53.984 AVAST engine scan C:\WINDOWS
10:11:00.718 AVAST engine scan C:\WINDOWS\system32
10:13:30.703 AVAST engine scan C:\WINDOWS\system32\drivers
10:13:44.484 AVAST engine scan C:\Documents and Settings\Taheerah
10:14:02.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\MBR.dat"
10:14:02.406 The log file has been saved successfully to "C:\Documents and Settings\Taheerah\Desktop\aswMBR.txt"


OTL


OTL.Txt

OTL logfile created on: 7/19/2012 10:28:20 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Taheerah\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.45% Memory free
3.84 Gb Paging File | 3.19 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.30 Gb Total Space | 20.11 Gb Free Space | 55.39% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 199.11 Gb Free Space | 85.52% Space Free | Partition Type: FAT32

Computer Name: TAHEERAH-5F0699 | User Name: Taheerah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 10:17:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taheerah\My Documents\Downloads\OTL(1).exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 16:11:19 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 07:51:28 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/19 07:51:28 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/19 03:06:41 | 001,784,320 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12071901\algo.dll
MOD - [2012/04/22 08:20:28 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/22 08:20:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/17 17:19:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/02 17:18:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/04/01 18:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Taheerah\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Twitter"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/03 15:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/18 15:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Extensions
[2012/07/18 22:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions
[2012/03/30 17:29:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/02 17:31:16 | 000,000,000 | ---D | M] (adblockvideo) -- C:\Documents and Settings\Taheerah\Application Data\Mozilla\Firefox\Profiles\ebujv3ok.default\extensions\[email protected]
[2012/07/17 17:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/14 08:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\TAHEERAH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EBUJV3OK.DEFAULT\EXTENSIONS\[email protected]
[2012/07/03 15:42:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/04 20:30:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/17 17:19:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/29 01:17:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/29 01:17:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FileZilla FTP Client [2012/04/17 18:33:35 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCC13FBB-8F09-44DB-8FDD-D82B38A3D983}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 22:09:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/07 14:35:32 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 10:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\Give to Isabel
[2012/07/17 13:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\Diabetes
[2012/07/15 12:28:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2012/07/15 12:26:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/07/15 12:26:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/07/15 12:26:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/07/15 12:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2012/07/15 12:20:36 | 004,579,346 | ---- | C] (Swearware) -- C:\Documents and Settings\Taheerah\Desktop\ComboFix.exe
[2012/07/13 01:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/13 01:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\PDAppFlex
[2012/07/13 00:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/13 00:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2012/07/12 14:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Adobe Illustrator CS6
[2012/07/12 14:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/12 14:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/07/12 14:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/07/10 17:31:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/10 17:29:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Taheerah\Start Menu\Programs\Administrative Tools
[2012/07/10 17:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/07 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2012/07/06 15:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Temp
[2012/07/06 15:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\Adobe
[2012/07/06 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/06 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/06 15:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/07/06 10:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/04 16:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\My Documents\SemperDriverBackup
[2012/07/04 16:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Application Data\Semper Software
[2012/07/04 16:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/04 16:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Semper Software
[2012/07/04 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Semper Software
[2012/07/04 16:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Taheerah\Local Settings\Application Data\WinZip
[2012/07/04 16:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/07/04 16:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/07/04 16:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/07/02 23:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2012/07/02 16:58:53 | 000,000,000 | ---D | C] -- C:\c202dc2c8db6c7d29a6e8f
[2012/07/02 16:39:47 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/02 16:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/02 16:39:46 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/02 16:39:42 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/02 16:39:41 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/02 16:39:40 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/02 16:39:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/02 16:39:37 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/02 16:39:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/02 16:38:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/02 16:38:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/02 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/02 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/02 16:17:56 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 10:19:37 | 000,013,987 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Diabetes Meal Plan - backup.ods
[2012/07/19 10:19:26 | 000,015,183 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Maintenance Meal Plan recipe.odt
[2012/07/19 10:19:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1292428093-1417001333-1003UA.job
[2012/07/19 10:14:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\MBR.dat
[2012/07/19 10:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/19 07:34:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 07:34:29 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/19 07:34:15 | 003,474,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/19 07:31:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TAHEERAH-5F0699-Taheerah.job
[2012/07/18 20:19:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1292428093-1417001333-1003Core.job
[2012/07/17 17:05:03 | 000,090,322 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Diabetes Main - backup.odt
[2012/07/17 12:53:54 | 000,040,895 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Isabel Diabetes Sections 9-12 - backup.odt
[2012/07/16 04:23:28 | 000,796,449 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\bathroom3.zip
[2012/07/15 12:45:32 | 000,060,762 | ---- | M] () -- C:\Documents and Settings\Taheerah\My Documents\30 day recipes.odt
[2012/07/15 12:33:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 12:28:46 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2012/07/15 12:20:51 | 004,579,346 | ---- | M] (Swearware) -- C:\Documents and Settings\Taheerah\Desktop\ComboFix.exe
[2012/07/13 00:49:38 | 000,001,231 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Adobe Illustrator CS6.lnk
[2012/07/12 14:47:56 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/07/12 12:12:22 | 000,086,894 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.ai
[2012/07/12 12:12:20 | 005,366,782 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.eps
[2012/07/12 04:08:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/12 00:18:39 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Taheerah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 00:18:38 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Google Chrome.lnk
[2012/07/10 17:31:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/07 16:28:04 | 008,867,840 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\SeaToolsDOS223ALL.ISO
[2012/07/06 15:07:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/06 10:35:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/07/04 16:42:05 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Semper Driver Backup.lnk
[2012/07/04 16:41:07 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/07/03 15:42:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 12:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/03 05:18:51 | 000,093,665 | ---- | M] () -- C:\Documents and Settings\Taheerah\Desktop\Dell Bookmarks - 7-3-2012
[2012/07/02 18:48:59 | 000,493,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/02 18:48:59 | 000,083,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/02 17:18:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/02 17:18:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/02 16:39:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/19 10:14:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\MBR.dat
[2012/07/19 09:15:02 | 000,015,183 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Maintenance Meal Plan recipe.odt
[2012/07/16 04:22:22 | 000,796,449 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\bathroom3.zip
[2012/07/15 12:28:46 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2012/07/15 11:36:00 | 000,060,762 | ---- | C] () -- C:\Documents and Settings\Taheerah\My Documents\30 day recipes.odt
[2012/07/15 10:59:58 | 000,013,987 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Diabetes Meal Plan - backup.ods
[2012/07/15 10:59:02 | 000,040,895 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Isabel Diabetes Sections 9-12 - backup.odt
[2012/07/15 10:57:53 | 000,090,322 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Diabetes Main - backup.odt
[2012/07/13 01:08:55 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TAHEERAH-5F0699-Taheerah.job
[2012/07/13 00:49:38 | 000,001,231 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Adobe Illustrator CS6.lnk
[2012/07/13 00:47:32 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/07/13 00:44:36 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/07/13 00:44:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/07/13 00:42:31 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/07/12 14:47:56 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/12 14:47:56 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/07/12 12:12:22 | 000,086,894 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.ai
[2012/07/12 12:12:20 | 005,366,782 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\NAPOLI'S NEAPOLITAN BRICK OVEN PIZZA logo.eps
[2012/07/10 17:31:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/10 17:31:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/07 16:28:08 | 008,867,840 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\SeaToolsDOS223ALL.ISO
[2012/07/06 15:07:56 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/06 15:07:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/07/04 16:42:05 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Semper Driver Backup.lnk
[2012/07/04 16:41:07 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/07/03 05:18:50 | 000,093,665 | ---- | C] () -- C:\Documents and Settings\Taheerah\Desktop\Dell Bookmarks - 7-3-2012
[2012/07/02 16:39:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/02 16:39:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/05/20 13:52:46 | 000,026,890 | ---- | C] () -- C:\Documents and Settings\Taheerah\.recently-used.xbel
[2012/04/10 15:11:39 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Taheerah\g2mdlhlpx.exe
[2012/03/30 01:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/03/26 21:23:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/03/26 21:23:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/03/26 21:23:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/03/26 21:23:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/03/26 21:23:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/03/26 21:23:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/03/26 21:23:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/03/26 21:23:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/03/26 21:23:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/03/26 21:23:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/03/26 21:23:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/03/26 21:23:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/03/26 21:23:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/03/26 21:23:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/03/26 21:23:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/03/26 21:23:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/03/26 10:00:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 04:17:54 | 000,080,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-1292428093-1417001333-1003-0.dat
[2011/07/23 04:17:53 | 000,080,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/23 04:17:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/23 01:49:29 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/18 15:02:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/18 14:45:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/07/18 14:45:37 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/07/18 14:45:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/07/18 13:28:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/07/18 13:17:29 | 000,000,283 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/17 22:12:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 22:05:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/17 17:48:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/17 17:47:32 | 003,474,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/07/02 16:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/18 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/03/26 21:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/07/13 00:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/04 16:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/04 16:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/07/12 14:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/30 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoft
[2012/03/30 17:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\DVDVideoSoftIEHelpers
[2012/03/27 09:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\EPSON
[2012/07/18 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\FileZilla
[2012/04/02 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Foxit Software
[2012/05/20 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\gtk-2.0
[2011/07/18 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Infineon
[2012/03/26 11:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\OpenOffice.org
[2012/07/13 01:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\PDAppFlex
[2012/07/04 16:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\Semper Software
[2012/07/13 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Taheerah\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/19 07:34:29 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/17 17:19:42 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/17 17:19:50 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Taheerah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDEBE8F6

< End of report >


Extras.txt

OTL Extras logfile created on: 7/19/2012 10:28:20 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Taheerah\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.45% Memory free
3.84 Gb Paging File | 3.19 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.30 Gb Total Space | 20.11 Gb Free Space | 55.39% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 199.11 Gb Free Space | 85.52% Space Free | Partition Type: FAT32

Computer Name: TAHEERAH-5F0699 | User Name: Taheerah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1844237615-1292428093-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.27.221
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Semper Driver Backup_is1" = Semper Driver Backup
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/2/2012 5:00:35 PM | Computer Name = TAHEERAH-5F0699 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.An
error occurred while writing installation information to disk. Check to make sure
enough disk space is available, and click Retry, or Cancel to end the install.

Error - 7/10/2012 12:39:30 AM | Computer Name = TAHEERAH-5F0699 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 3.4.9590.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/10/2012 1:11:20 AM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/14/2012 12:22:20 PM | Computer Name = TAHEERAH-5F0699 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 7/14/2012 12:22:50 PM | Computer Name = TAHEERAH-5F0699 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wscsvc service.

Error - 7/18/2012 12:38:57 PM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/18/2012 12:39:06 PM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/18/2012 12:54:59 PM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/18/2012 2:08:38 PM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/18/2012 3:18:44 PM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/19/2012 7:56:44 AM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/19/2012 7:56:48 AM | Computer Name = TAHEERAH-5F0699 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.


< End of report >

Attached Files

  • Attached File  MBR.dat   512bytes   27 downloads

  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • 0

#5
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Done
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Redirects are still present? If yes proceed with this:

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#7
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi

Combofix did not work for me. I've run this program in the past with no issues,but today, not so much. I allowed the program to "scan" for 3 hours - the blue screen just said that combofix was scanning my computer. I had no choice but to manually power down my computer as I don't have backup computer at present.

Hope I haven't f'ed up my computer badly by doing this, but as I said, I didn't have a choice.

Please advise.
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Redirects are still present?
  • 0

#9
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Yes, re-directs are still happening.
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please try to run this one:

  • Please download on the desktop RogueKiller (by tigzy).
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop. We can also open it with the Report button.
  • Please copy content of report and post it in your next reply.

  • 0

Advertisements


#11
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
OK, I translated the page and ran Rogue Killer. Below is the log.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Taheerah [Admin rights]
Mode: Scan -- Date: 07/22/2012 18:27:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK4026GAX +++++
--- User ---
[MBR] 08d77e731d082d8411b5fe4eae2dc557
[BSP] f0fe4d03274043a6b623bdf75d9f607b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 37173 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 76132035 | Size: 980 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by 360nourishment, 22 July 2012 - 04:30 PM.

  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK button.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.
  • 0

#13
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Here is the log. The system didn't offer a cure option and I wasn't prompted to reboot.

20:04:32.0234 3704 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:04:32.0484 3704 ============================================================
20:04:32.0484 3704 Current date / time: 2012/07/22 20:04:32.0484
20:04:32.0484 3704 SystemInfo:
20:04:32.0484 3704
20:04:32.0484 3704 OS Version: 5.1.2600 ServicePack: 3.0
20:04:32.0484 3704 Product type: Workstation
20:04:32.0484 3704 ComputerName: TAHEERAH-5F0699
20:04:32.0484 3704 UserName: Taheerah
20:04:32.0484 3704 Windows directory: C:\WINDOWS
20:04:32.0484 3704 System windows directory: C:\WINDOWS
20:04:32.0484 3704 Processor architecture: Intel x86
20:04:32.0484 3704 Number of processors: 1
20:04:32.0484 3704 Page size: 0x1000
20:04:32.0484 3704 Boot type: Normal boot
20:04:32.0484 3704 ============================================================
20:04:34.0890 3704 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:04:34.0890 3704 ============================================================
20:04:34.0890 3704 \Device\Harddisk0\DR0:
20:04:34.0890 3704 MBR partitions:
20:04:34.0890 3704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x489AE84
20:04:34.0890 3704 ============================================================
20:04:34.0968 3704 C: <-> \Device\Harddisk0\DR0\Partition0
20:04:34.0968 3704 ============================================================
20:04:34.0968 3704 Initialize success
20:04:34.0968 3704 ============================================================
20:05:23.0640 3784 ============================================================
20:05:23.0640 3784 Scan started
20:05:23.0640 3784 Mode: Manual; SigCheck; TDLFS;
20:05:23.0640 3784 ============================================================
20:05:23.0921 3784 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:05:24.0031 3784 !SASCORE - ok
20:05:24.0187 3784 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:05:24.0234 3784 Aavmker4 - ok
20:05:24.0234 3784 Abiosdsk - ok
20:05:24.0250 3784 abp480n5 - ok
20:05:24.0312 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:05:26.0875 3784 ACPI - ok
20:05:26.0906 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:05:27.0062 3784 ACPIEC - ok
20:05:27.0171 3784 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:05:27.0187 3784 AdobeFlashPlayerUpdateSvc - ok
20:05:27.0203 3784 adpu160m - ok
20:05:27.0250 3784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:05:27.0406 3784 aec - ok
20:05:27.0453 3784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:05:27.0484 3784 AFD - ok
20:05:27.0500 3784 Aha154x - ok
20:05:27.0500 3784 aic78u2 - ok
20:05:27.0515 3784 aic78xx - ok
20:05:27.0546 3784 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:05:27.0703 3784 Alerter - ok
20:05:27.0734 3784 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:05:27.0812 3784 ALG - ok
20:05:27.0812 3784 AliIde - ok
20:05:27.0828 3784 amsint - ok
20:05:27.0859 3784 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:05:27.0906 3784 ApfiltrService - ok
20:05:27.0968 3784 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:05:27.0984 3784 APPDRV ( UnsignedFile.Multi.Generic ) - warning
20:05:27.0984 3784 APPDRV - detected UnsignedFile.Multi.Generic (1)
20:05:28.0031 3784 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:05:28.0140 3784 AppMgmt - ok
20:05:28.0140 3784 asc - ok
20:05:28.0140 3784 asc3350p - ok
20:05:28.0156 3784 asc3550 - ok
20:05:28.0265 3784 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:05:28.0312 3784 aspnet_state - ok
20:05:28.0343 3784 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:05:28.0375 3784 aswFsBlk - ok
20:05:28.0390 3784 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
20:05:28.0421 3784 aswMon2 - ok
20:05:28.0453 3784 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
20:05:28.0468 3784 AswRdr - ok
20:05:28.0546 3784 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
20:05:28.0609 3784 aswSnx - ok
20:05:28.0687 3784 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
20:05:28.0734 3784 aswSP - ok
20:05:28.0750 3784 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
20:05:28.0781 3784 aswTdi - ok
20:05:28.0812 3784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:05:29.0015 3784 AsyncMac - ok
20:05:29.0031 3784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:05:29.0250 3784 atapi - ok
20:05:29.0265 3784 Atdisk - ok
20:05:29.0312 3784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:05:29.0453 3784 Atmarpc - ok
20:05:29.0484 3784 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:05:29.0625 3784 AudioSrv - ok
20:05:29.0671 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:05:29.0796 3784 audstub - ok
20:05:29.0937 3784 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:05:29.0953 3784 avast! Antivirus - ok
20:05:30.0000 3784 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:05:30.0046 3784 b57w2k - ok
20:05:30.0093 3784 BAsfIpM (bdd5538b859dbeb3ecaf09b3d027553a) C:\WINDOWS\system32\basfipm.exe
20:05:30.0125 3784 BAsfIpM ( UnsignedFile.Multi.Generic ) - warning
20:05:30.0125 3784 BAsfIpM - detected UnsignedFile.Multi.Generic (1)
20:05:30.0218 3784 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:05:30.0296 3784 BCM43XX - ok
20:05:30.0359 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:05:30.0609 3784 Beep - ok
20:05:30.0671 3784 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:05:30.0890 3784 BITS - ok
20:05:30.0953 3784 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:05:31.0109 3784 Browser - ok
20:05:31.0125 3784 bvrp_pci - ok
20:05:31.0156 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:05:31.0343 3784 cbidf2k - ok
20:05:31.0359 3784 cd20xrnt - ok
20:05:31.0359 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:31.0531 3784 Cdaudio - ok
20:05:31.0578 3784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:31.0703 3784 Cdfs - ok
20:05:31.0750 3784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:31.0906 3784 Cdrom - ok
20:05:31.0906 3784 Changer - ok
20:05:31.0921 3784 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:05:32.0046 3784 CiSvc - ok
20:05:32.0062 3784 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:05:32.0203 3784 ClipSrv - ok
20:05:32.0359 3784 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:32.0390 3784 clr_optimization_v2.0.50727_32 - ok
20:05:32.0453 3784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:05:32.0500 3784 clr_optimization_v4.0.30319_32 - ok
20:05:32.0531 3784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:05:32.0656 3784 CmBatt - ok
20:05:32.0656 3784 CmdIde - ok
20:05:32.0671 3784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:05:32.0796 3784 Compbatt - ok
20:05:32.0812 3784 COMSysApp - ok
20:05:32.0828 3784 Cpqarray - ok
20:05:32.0843 3784 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:05:33.0000 3784 CryptSvc - ok
20:05:33.0015 3784 dac2w2k - ok
20:05:33.0015 3784 dac960nt - ok
20:05:33.0078 3784 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:05:33.0171 3784 DcomLaunch - ok
20:05:33.0187 3784 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:05:33.0312 3784 Dhcp - ok
20:05:33.0328 3784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:33.0453 3784 Disk - ok
20:05:33.0468 3784 dmadmin - ok
20:05:33.0531 3784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:05:33.0734 3784 dmboot - ok
20:05:33.0765 3784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:05:33.0937 3784 dmio - ok
20:05:33.0984 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:05:34.0156 3784 dmload - ok
20:05:34.0187 3784 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:05:34.0359 3784 dmserver - ok
20:05:34.0406 3784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:05:34.0578 3784 DMusic - ok
20:05:34.0625 3784 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:05:34.0656 3784 Dnscache - ok
20:05:34.0687 3784 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:05:34.0875 3784 Dot3svc - ok
20:05:34.0890 3784 dpti2o - ok
20:05:34.0906 3784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:35.0062 3784 drmkaud - ok
20:05:35.0125 3784 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:05:35.0140 3784 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
20:05:35.0140 3784 drvmcdb - detected UnsignedFile.Multi.Generic (1)
20:05:35.0156 3784 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
20:05:35.0156 3784 drvnddm ( UnsignedFile.Multi.Generic ) - warning
20:05:35.0156 3784 drvnddm - detected UnsignedFile.Multi.Generic (1)
20:05:35.0187 3784 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:05:35.0375 3784 EapHost - ok
20:05:35.0531 3784 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
20:05:35.0531 3784 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
20:05:35.0546 3784 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
20:05:35.0562 3784 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:05:35.0765 3784 ERSvc - ok
20:05:35.0828 3784 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:05:35.0875 3784 Eventlog - ok
20:05:35.0921 3784 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:05:35.0968 3784 EventSystem - ok
20:05:36.0015 3784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:05:36.0218 3784 Fastfat - ok
20:05:36.0281 3784 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:05:36.0359 3784 FastUserSwitchingCompatibility - ok
20:05:36.0390 3784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:05:36.0515 3784 Fdc - ok
20:05:36.0531 3784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:05:36.0656 3784 Fips - ok
20:05:36.0656 3784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:05:36.0781 3784 Flpydisk - ok
20:05:36.0828 3784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:05:36.0968 3784 FltMgr - ok
20:05:37.0109 3784 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:05:37.0125 3784 FontCache3.0.0.0 - ok
20:05:37.0156 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:05:37.0296 3784 Fs_Rec - ok
20:05:37.0312 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:05:37.0437 3784 Ftdisk - ok
20:05:37.0468 3784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:05:37.0656 3784 Gpc - ok
20:05:37.0718 3784 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
20:05:37.0765 3784 GTIPCI21 - ok
20:05:37.0796 3784 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:05:37.0984 3784 helpsvc - ok
20:05:37.0984 3784 HidServ - ok
20:05:38.0015 3784 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:05:38.0218 3784 hkmsvc - ok
20:05:38.0234 3784 hpn - ok
20:05:38.0296 3784 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:05:38.0328 3784 HSFHWICH - ok
20:05:38.0437 3784 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
20:05:38.0484 3784 HSF_DPV - ok
20:05:38.0562 3784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:05:38.0593 3784 HTTP - ok
20:05:38.0640 3784 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:05:38.0812 3784 HTTPFilter - ok
20:05:38.0828 3784 i2omgmt - ok
20:05:38.0828 3784 i2omp - ok
20:05:38.0875 3784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:05:39.0093 3784 i8042prt - ok
20:05:39.0203 3784 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:05:39.0265 3784 ialm - ok
20:05:39.0468 3784 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:05:39.0546 3784 idsvc - ok
20:05:39.0640 3784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:05:39.0937 3784 Imapi - ok
20:05:40.0281 3784 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
20:05:40.0296 3784 Imapi Helper ( UnsignedFile.Multi.Generic ) - warning
20:05:40.0296 3784 Imapi Helper - detected UnsignedFile.Multi.Generic (1)
20:05:40.0359 3784 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:05:40.0484 3784 ImapiService - ok
20:05:40.0500 3784 ini910u - ok
20:05:40.0546 3784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:05:40.0812 3784 IntelIde - ok
20:05:40.0859 3784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:05:41.0015 3784 intelppm - ok
20:05:41.0031 3784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:05:41.0187 3784 Ip6Fw - ok
20:05:41.0218 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:05:41.0375 3784 IpFilterDriver - ok
20:05:41.0375 3784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:05:41.0515 3784 IpInIp - ok
20:05:41.0546 3784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:05:41.0718 3784 IpNat - ok
20:05:41.0750 3784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:05:41.0890 3784 IPSec - ok
20:05:41.0921 3784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:05:41.0984 3784 IRENUM - ok
20:05:42.0031 3784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:05:42.0203 3784 isapnp - ok
20:05:42.0265 3784 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
20:05:42.0281 3784 JavaQuickStarterService - ok
20:05:42.0312 3784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:05:42.0453 3784 Kbdclass - ok
20:05:42.0500 3784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:05:42.0640 3784 kmixer - ok
20:05:42.0703 3784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:05:42.0718 3784 KSecDD - ok
20:05:42.0765 3784 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:05:42.0828 3784 LanmanServer - ok
20:05:42.0890 3784 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:05:42.0953 3784 lanmanworkstation - ok
20:05:42.0968 3784 lbrtfdc - ok
20:05:43.0046 3784 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:05:43.0203 3784 LmHosts - ok
20:05:43.0234 3784 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
20:05:43.0250 3784 MBAMProtector - ok
20:05:43.0343 3784 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:05:43.0406 3784 MBAMService - ok
20:05:43.0453 3784 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:05:43.0484 3784 mdmxsdk - ok
20:05:43.0531 3784 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:05:43.0765 3784 Messenger - ok
20:05:43.0796 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:05:44.0015 3784 mnmdd - ok
20:05:44.0046 3784 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:05:44.0234 3784 mnmsrvc - ok
20:05:44.0281 3784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:05:44.0421 3784 Modem - ok
20:05:44.0453 3784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:05:44.0593 3784 Mouclass - ok
20:05:44.0609 3784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:05:44.0734 3784 MountMgr - ok
20:05:44.0796 3784 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:05:44.0812 3784 MozillaMaintenance - ok
20:05:44.0828 3784 mraid35x - ok
20:05:44.0843 3784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:05:44.0953 3784 MRxDAV - ok
20:05:45.0046 3784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:05:45.0078 3784 MRxSmb - ok
20:05:45.0093 3784 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:05:45.0250 3784 MSDTC - ok
20:05:45.0265 3784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:05:45.0421 3784 Msfs - ok
20:05:45.0421 3784 MSIServer - ok
20:05:45.0468 3784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:05:45.0609 3784 MSKSSRV - ok
20:05:45.0640 3784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:05:45.0781 3784 MSPCLOCK - ok
20:05:45.0812 3784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:05:45.0968 3784 MSPQM - ok
20:05:46.0000 3784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:05:46.0140 3784 mssmbios - ok
20:05:46.0187 3784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:05:46.0203 3784 Mup - ok
20:05:46.0234 3784 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:05:46.0421 3784 napagent - ok
20:05:46.0453 3784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:05:46.0609 3784 NDIS - ok
20:05:46.0640 3784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:05:46.0687 3784 NdisTapi - ok
20:05:46.0734 3784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:05:46.0890 3784 Ndisuio - ok
20:05:46.0937 3784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:05:47.0109 3784 NdisWan - ok
20:05:47.0156 3784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:05:47.0171 3784 NDProxy - ok
20:05:47.0203 3784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:05:47.0359 3784 NetBIOS - ok
20:05:47.0406 3784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:05:47.0578 3784 NetBT - ok
20:05:47.0625 3784 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:05:47.0812 3784 NetDDE - ok
20:05:47.0828 3784 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:05:47.0984 3784 NetDDEdsdm - ok
20:05:48.0015 3784 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:05:48.0203 3784 Netlogon - ok
20:05:48.0234 3784 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:05:48.0390 3784 Netman - ok
20:05:48.0578 3784 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:05:48.0593 3784 NetTcpPortSharing - ok
20:05:48.0781 3784 NICCONFIGSVC (c82dcfcc00c10b91346abb953ff79ee8) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
20:05:48.0859 3784 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
20:05:48.0859 3784 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
20:05:48.0921 3784 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:05:48.0968 3784 Nla - ok
20:05:48.0984 3784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:05:49.0250 3784 Npfs - ok
20:05:49.0296 3784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:05:49.0421 3784 Ntfs - ok
20:05:49.0437 3784 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:05:49.0562 3784 NtLmSsp - ok
20:05:49.0609 3784 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:05:49.0765 3784 NtmsSvc - ok
20:05:49.0796 3784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:05:49.0953 3784 Null - ok
20:05:50.0000 3784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:05:50.0156 3784 NwlnkFlt - ok
20:05:50.0187 3784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:05:50.0343 3784 NwlnkFwd - ok
20:05:50.0437 3784 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:05:50.0468 3784 ose - ok
20:05:50.0796 3784 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:05:51.0046 3784 osppsvc - ok
20:05:51.0265 3784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:05:51.0531 3784 Parport - ok
20:05:51.0546 3784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:05:51.0687 3784 PartMgr - ok
20:05:51.0750 3784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:05:51.0890 3784 ParVdm - ok
20:05:51.0921 3784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:05:52.0078 3784 PCI - ok
20:05:52.0078 3784 PCIDump - ok
20:05:52.0093 3784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:05:52.0203 3784 PCIIde - ok
20:05:52.0265 3784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:05:52.0375 3784 Pcmcia - ok
20:05:52.0390 3784 PDCOMP - ok
20:05:52.0390 3784 PDFRAME - ok
20:05:52.0406 3784 PDRELI - ok
20:05:52.0406 3784 PDRFRAME - ok
20:05:52.0421 3784 perc2 - ok
20:05:52.0421 3784 perc2hib - ok
20:05:52.0500 3784 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
20:05:52.0515 3784 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
20:05:52.0515 3784 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
20:05:52.0578 3784 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:05:52.0593 3784 PlugPlay - ok
20:05:52.0625 3784 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:05:52.0750 3784 PolicyAgent - ok
20:05:52.0781 3784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:05:52.0906 3784 PptpMiniport - ok
20:05:52.0906 3784 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:05:53.0031 3784 ProtectedStorage - ok
20:05:53.0062 3784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:05:53.0203 3784 PSched - ok
20:05:53.0218 3784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:05:53.0343 3784 Ptilink - ok
20:05:53.0343 3784 ql1080 - ok
20:05:53.0359 3784 Ql10wnt - ok
20:05:53.0359 3784 ql12160 - ok
20:05:53.0375 3784 ql1240 - ok
20:05:53.0375 3784 ql1280 - ok
20:05:53.0390 3784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:05:53.0500 3784 RasAcd - ok
20:05:53.0546 3784 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:05:53.0671 3784 RasAuto - ok
20:05:53.0718 3784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:05:53.0843 3784 Rasl2tp - ok
20:05:53.0890 3784 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:05:54.0015 3784 RasMan - ok
20:05:54.0046 3784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:05:54.0171 3784 RasPppoe - ok
20:05:54.0187 3784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:05:54.0312 3784 Raspti - ok
20:05:54.0453 3784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:05:54.0578 3784 Rdbss - ok
20:05:54.0609 3784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:05:54.0718 3784 RDPCDD - ok
20:05:54.0796 3784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:05:54.0921 3784 rdpdr - ok
20:05:55.0031 3784 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:05:55.0062 3784 RDPWD - ok
20:05:55.0125 3784 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:05:55.0312 3784 RDSessMgr - ok
20:05:55.0359 3784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:05:55.0531 3784 redbook - ok
20:05:55.0578 3784 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:05:55.0796 3784 RemoteAccess - ok
20:05:55.0859 3784 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:05:56.0093 3784 RemoteRegistry - ok
20:05:56.0125 3784 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:05:56.0328 3784 RpcLocator - ok
20:05:56.0390 3784 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:05:56.0421 3784 RpcSs - ok
20:05:56.0468 3784 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:05:56.0593 3784 RSVP - ok
20:05:56.0609 3784 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:05:56.0734 3784 SamSs - ok
20:05:56.0843 3784 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:05:56.0859 3784 SASDIFSV - ok
20:05:56.0875 3784 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:05:56.0890 3784 SASKUTIL - ok
20:05:56.0984 3784 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:05:57.0125 3784 SCardSvr - ok
20:05:57.0171 3784 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:05:57.0328 3784 Schedule - ok
20:05:57.0343 3784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:05:57.0421 3784 Secdrv - ok
20:05:57.0421 3784 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:05:57.0593 3784 seclogon - ok
20:05:57.0609 3784 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:05:57.0765 3784 SENS - ok
20:05:57.0828 3784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:05:57.0953 3784 serenum - ok
20:05:58.0015 3784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:05:58.0140 3784 Serial - ok
20:05:58.0187 3784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:05:58.0296 3784 Sfloppy - ok
20:05:58.0343 3784 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:05:58.0515 3784 SharedAccess - ok
20:05:58.0578 3784 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:05:58.0609 3784 ShellHWDetection - ok
20:05:58.0625 3784 Simbad - ok
20:05:58.0640 3784 Sparrow - ok
20:05:58.0703 3784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:05:58.0812 3784 splitter - ok
20:05:58.0859 3784 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:05:58.0875 3784 Spooler - ok
20:05:58.0921 3784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:05:58.0984 3784 sr - ok
20:05:59.0078 3784 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:05:59.0156 3784 srservice - ok
20:05:59.0203 3784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:05:59.0281 3784 Srv - ok
20:05:59.0296 3784 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:05:59.0312 3784 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
20:05:59.0312 3784 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
20:05:59.0359 3784 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:05:59.0453 3784 SSDPSRV - ok
20:05:59.0468 3784 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
20:05:59.0500 3784 ssrtln ( UnsignedFile.Multi.Generic ) - warning
20:05:59.0500 3784 ssrtln - detected UnsignedFile.Multi.Generic (1)
20:05:59.0531 3784 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
20:05:59.0562 3784 STAC97 - ok
20:05:59.0593 3784 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:05:59.0875 3784 stisvc - ok
20:05:59.0921 3784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:06:00.0109 3784 swenum - ok
20:06:00.0171 3784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:06:00.0312 3784 swmidi - ok
20:06:00.0328 3784 SwPrv - ok
20:06:00.0328 3784 symc810 - ok
20:06:00.0343 3784 symc8xx - ok
20:06:00.0343 3784 sym_hi - ok
20:06:00.0359 3784 sym_u3 - ok
20:06:00.0390 3784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:06:00.0562 3784 sysaudio - ok
20:06:00.0593 3784 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:06:00.0765 3784 SysmonLog - ok
20:06:00.0796 3784 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:06:00.0921 3784 TapiSrv - ok
20:06:01.0046 3784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:06:01.0078 3784 Tcpip - ok
20:06:01.0125 3784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:06:01.0281 3784 TDPIPE - ok
20:06:01.0296 3784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:06:01.0437 3784 TDTCP - ok
20:06:01.0484 3784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:06:01.0640 3784 TermDD - ok
20:06:01.0671 3784 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:06:01.0875 3784 TermService - ok
20:06:01.0953 3784 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
20:06:02.0015 3784 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0031 3784 tfsnboio - detected UnsignedFile.Multi.Generic (1)
20:06:02.0062 3784 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
20:06:02.0078 3784 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0078 3784 tfsncofs - detected UnsignedFile.Multi.Generic (1)
20:06:02.0078 3784 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
20:06:02.0093 3784 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0093 3784 tfsndrct - detected UnsignedFile.Multi.Generic (1)
20:06:02.0109 3784 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
20:06:02.0140 3784 tfsndres ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0140 3784 tfsndres - detected UnsignedFile.Multi.Generic (1)
20:06:02.0140 3784 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
20:06:02.0156 3784 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0156 3784 tfsnifs - detected UnsignedFile.Multi.Generic (1)
20:06:02.0171 3784 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
20:06:02.0171 3784 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0171 3784 tfsnopio - detected UnsignedFile.Multi.Generic (1)
20:06:02.0187 3784 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
20:06:02.0203 3784 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0203 3784 tfsnpool - detected UnsignedFile.Multi.Generic (1)
20:06:02.0218 3784 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
20:06:02.0218 3784 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0218 3784 tfsnudf - detected UnsignedFile.Multi.Generic (1)
20:06:02.0234 3784 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:06:02.0250 3784 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0250 3784 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
20:06:02.0312 3784 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:06:02.0343 3784 Themes - ok
20:06:02.0375 3784 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:06:02.0484 3784 TlntSvr - ok
20:06:02.0484 3784 TosIde - ok
20:06:02.0625 3784 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:06:02.0859 3784 TrkWks - ok
20:06:02.0890 3784 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys
20:06:02.0890 3784 TrueSight ( UnsignedFile.Multi.Generic ) - warning
20:06:02.0890 3784 TrueSight - detected UnsignedFile.Multi.Generic (1)
20:06:02.0937 3784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:06:03.0046 3784 Udfs - ok
20:06:03.0062 3784 UIUSys - ok
20:06:03.0062 3784 ultra - ok
20:06:03.0125 3784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:06:03.0250 3784 Update - ok
20:06:03.0281 3784 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:06:03.0359 3784 upnphost - ok
20:06:03.0375 3784 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:06:03.0531 3784 UPS - ok
20:06:03.0625 3784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:06:03.0734 3784 usbehci - ok
20:06:03.0765 3784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:06:03.0906 3784 usbhub - ok
20:06:04.0015 3784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:06:04.0140 3784 USBSTOR - ok
20:06:04.0156 3784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:06:04.0281 3784 usbuhci - ok
20:06:04.0343 3784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:06:04.0484 3784 VgaSave - ok
20:06:04.0500 3784 ViaIde - ok
20:06:04.0515 3784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:06:04.0656 3784 VolSnap - ok
20:06:04.0703 3784 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:06:04.0765 3784 VSS - ok
20:06:04.0796 3784 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:06:04.0953 3784 W32Time - ok
20:06:05.0015 3784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:06:05.0140 3784 Wanarp - ok
20:06:05.0156 3784 WDICA - ok
20:06:05.0203 3784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:06:05.0343 3784 wdmaud - ok
20:06:05.0375 3784 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:06:05.0765 3784 WebClient - ok
20:06:05.0843 3784 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:06:05.0875 3784 winachsf - ok
20:06:06.0062 3784 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:06:06.0281 3784 winmgmt - ok
20:06:06.0296 3784 wltrysvc - ok
20:06:06.0359 3784 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:06:06.0609 3784 WmdmPmSN - ok
20:06:06.0687 3784 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:06:06.0765 3784 Wmi - ok
20:06:06.0828 3784 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:06:06.0953 3784 WmiApSrv - ok
20:06:07.0140 3784 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:06:07.0281 3784 WPFFontCache_v0400 - ok
20:06:07.0375 3784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:06:07.0578 3784 WS2IFSL - ok
20:06:07.0609 3784 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:06:07.0843 3784 wscsvc - ok
20:06:07.0890 3784 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:06:08.0093 3784 wuauserv - ok
20:06:08.0156 3784 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:06:08.0296 3784 WZCSVC - ok
20:06:08.0312 3784 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:06:08.0453 3784 xmlprov - ok
20:06:08.0468 3784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:06:09.0000 3784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:06:09.0000 3784 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:06:09.0000 3784 Boot (0x1200) (2794f5d5fb9710201176a26c1a5902b4) \Device\Harddisk0\DR0\Partition0
20:06:09.0000 3784 \Device\Harddisk0\DR0\Partition0 - ok
20:06:09.0000 3784 ============================================================
20:06:09.0000 3784 Scan finished
20:06:09.0000 3784 ============================================================
20:06:09.0125 3204 Detected object count: 21
20:06:09.0125 3204 Actual detected object count: 21
20:06:36.0312 3204 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0312 3204 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0312 3204 BAsfIpM ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0312 3204 BAsfIpM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0312 3204 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0312 3204 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0328 3204 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0328 3204 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0328 3204 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0328 3204 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0328 3204 Imapi Helper ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0328 3204 Imapi Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0328 3204 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0328 3204 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0343 3204 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0343 3204 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0343 3204 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0343 3204 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0343 3204 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0343 3204 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0343 3204 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0343 3204 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0343 3204 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0343 3204 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0359 3204 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0359 3204 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0359 3204 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0359 3204 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0359 3204 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0359 3204 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0359 3204 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0359 3204 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0359 3204 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0359 3204 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0375 3204 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0375 3204 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0375 3204 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0375 3204 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0375 3204 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:36.0375 3204 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:06:36.0375 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:06:36.0375 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:09:00.0296 3712 ============================================================
20:09:00.0296 3712 Scan started
20:09:00.0296 3712 Mode: Manual; SigCheck; TDLFS;
20:09:00.0296 3712 ============================================================
20:09:00.0593 3712 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:09:00.0625 3712 !SASCORE - ok
20:09:00.0687 3712 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:09:00.0703 3712 Aavmker4 - ok
20:09:00.0718 3712 Abiosdsk - ok
20:09:00.0718 3712 abp480n5 - ok
20:09:00.0781 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:09:01.0218 3712 ACPI - ok
20:09:01.0281 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:09:01.0421 3712 ACPIEC - ok
20:09:01.0531 3712 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:01.0546 3712 AdobeFlashPlayerUpdateSvc - ok
20:09:01.0562 3712 adpu160m - ok
20:09:01.0609 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:09:01.0765 3712 aec - ok
20:09:01.0812 3712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:09:01.0843 3712 AFD - ok
20:09:01.0843 3712 Aha154x - ok
20:09:01.0859 3712 aic78u2 - ok
20:09:01.0859 3712 aic78xx - ok
20:09:01.0906 3712 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:09:02.0062 3712 Alerter - ok
20:09:02.0093 3712 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:09:02.0187 3712 ALG - ok
20:09:02.0187 3712 AliIde - ok
20:09:02.0203 3712 amsint - ok
20:09:02.0250 3712 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:09:02.0296 3712 ApfiltrService - ok
20:09:02.0375 3712 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:09:02.0406 3712 APPDRV ( UnsignedFile.Multi.Generic ) - warning
20:09:02.0406 3712 APPDRV - detected UnsignedFile.Multi.Generic (1)
20:09:02.0437 3712 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:09:02.0515 3712 AppMgmt - ok
20:09:02.0531 3712 asc - ok
20:09:02.0531 3712 asc3350p - ok
20:09:02.0546 3712 asc3550 - ok
20:09:02.0640 3712 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:09:02.0671 3712 aspnet_state - ok
20:09:02.0718 3712 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:09:02.0750 3712 aswFsBlk - ok
20:09:02.0765 3712 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
20:09:02.0796 3712 aswMon2 - ok
20:09:02.0828 3712 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
20:09:02.0859 3712 AswRdr - ok
20:09:02.0953 3712 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
20:09:03.0015 3712 aswSnx - ok
20:09:03.0078 3712 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
20:09:03.0125 3712 aswSP - ok
20:09:03.0156 3712 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
20:09:03.0187 3712 aswTdi - ok
20:09:03.0218 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:03.0421 3712 AsyncMac - ok
20:09:03.0437 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:03.0593 3712 atapi - ok
20:09:03.0609 3712 Atdisk - ok
20:09:03.0640 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:03.0781 3712 Atmarpc - ok
20:09:03.0812 3712 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:09:03.0953 3712 AudioSrv - ok
20:09:04.0000 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:04.0125 3712 audstub - ok
20:09:04.0250 3712 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:09:04.0265 3712 avast! Antivirus - ok
20:09:04.0328 3712 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:09:04.0375 3712 b57w2k - ok
20:09:04.0421 3712 BAsfIpM (bdd5538b859dbeb3ecaf09b3d027553a) C:\WINDOWS\system32\basfipm.exe
20:09:04.0453 3712 BAsfIpM ( UnsignedFile.Multi.Generic ) - warning
20:09:04.0453 3712 BAsfIpM - detected UnsignedFile.Multi.Generic (1)
20:09:04.0546 3712 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:09:04.0625 3712 BCM43XX - ok
20:09:04.0687 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:09:04.0953 3712 Beep - ok
20:09:05.0015 3712 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:09:05.0203 3712 BITS - ok
20:09:05.0265 3712 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:09:05.0406 3712 Browser - ok
20:09:05.0421 3712 bvrp_pci - ok
20:09:05.0437 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:05.0578 3712 cbidf2k - ok
20:09:05.0593 3712 cd20xrnt - ok
20:09:05.0593 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:05.0750 3712 Cdaudio - ok
20:09:05.0812 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:05.0921 3712 Cdfs - ok
20:09:05.0984 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:06.0125 3712 Cdrom - ok
20:09:06.0140 3712 Changer - ok
20:09:06.0140 3712 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:09:06.0265 3712 CiSvc - ok
20:09:06.0265 3712 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:09:06.0406 3712 ClipSrv - ok
20:09:06.0531 3712 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:06.0562 3712 clr_optimization_v2.0.50727_32 - ok
20:09:06.0625 3712 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:06.0656 3712 clr_optimization_v4.0.30319_32 - ok
20:09:06.0687 3712 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:06.0796 3712 CmBatt - ok
20:09:06.0796 3712 CmdIde - ok
20:09:06.0812 3712 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:06.0968 3712 Compbatt - ok
20:09:06.0968 3712 COMSysApp - ok
20:09:06.0984 3712 Cpqarray - ok
20:09:07.0015 3712 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:09:07.0203 3712 CryptSvc - ok
20:09:07.0218 3712 dac2w2k - ok
20:09:07.0218 3712 dac960nt - ok
20:09:07.0343 3712 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:09:07.0437 3712 DcomLaunch - ok
20:09:07.0453 3712 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:09:07.0609 3712 Dhcp - ok
20:09:07.0625 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:07.0796 3712 Disk - ok
20:09:07.0812 3712 dmadmin - ok
20:09:07.0890 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:08.0125 3712 dmboot - ok
20:09:08.0171 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:09:08.0406 3712 dmio - ok
20:09:08.0437 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:08.0640 3712 dmload - ok
20:09:08.0718 3712 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:09:08.0937 3712 dmserver - ok
20:09:08.0984 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:09.0140 3712 DMusic - ok
20:09:09.0187 3712 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:09:09.0203 3712 Dnscache - ok
20:09:09.0250 3712 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:09:09.0390 3712 Dot3svc - ok
20:09:09.0390 3712 dpti2o - ok
20:09:09.0406 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:09.0515 3712 drmkaud - ok
20:09:09.0562 3712 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:09:09.0578 3712 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
20:09:09.0578 3712 drvmcdb - detected UnsignedFile.Multi.Generic (1)
20:09:09.0593 3712 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
20:09:09.0593 3712 drvnddm ( UnsignedFile.Multi.Generic ) - warning
20:09:09.0593 3712 drvnddm - detected UnsignedFile.Multi.Generic (1)
20:09:09.0625 3712 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:09:09.0812 3712 EapHost - ok
20:09:09.0984 3712 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
20:09:09.0984 3712 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
20:09:09.0984 3712 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
20:09:10.0015 3712 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:09:10.0171 3712 ERSvc - ok
20:09:10.0234 3712 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:09:10.0250 3712 Eventlog - ok
20:09:10.0312 3712 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:09:10.0343 3712 EventSystem - ok
20:09:10.0421 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:10.0625 3712 Fastfat - ok
20:09:10.0687 3712 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:10.0734 3712 FastUserSwitchingCompatibility - ok
20:09:10.0750 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:09:10.0953 3712 Fdc - ok
20:09:10.0968 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:09:11.0093 3712 Fips - ok
20:09:11.0093 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:09:11.0218 3712 Flpydisk - ok
20:09:11.0265 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:09:11.0390 3712 FltMgr - ok
20:09:11.0500 3712 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:09:11.0531 3712 FontCache3.0.0.0 - ok
20:09:11.0546 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:11.0703 3712 Fs_Rec - ok
20:09:11.0703 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:11.0843 3712 Ftdisk - ok
20:09:11.0875 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:12.0062 3712 Gpc - ok
20:09:12.0125 3712 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
20:09:12.0156 3712 GTIPCI21 - ok
20:09:12.0187 3712 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:09:12.0312 3712 helpsvc - ok
20:09:12.0328 3712 HidServ - ok
20:09:12.0390 3712 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:09:12.0515 3712 hkmsvc - ok
20:09:12.0515 3712 hpn - ok
20:09:12.0562 3712 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:09:12.0609 3712 HSFHWICH - ok
20:09:12.0703 3712 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
20:09:12.0765 3712 HSF_DPV - ok
20:09:12.0843 3712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:12.0875 3712 HTTP - ok
20:09:12.0921 3712 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:09:13.0093 3712 HTTPFilter - ok
20:09:13.0093 3712 i2omgmt - ok
20:09:13.0109 3712 i2omp - ok
20:09:13.0140 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:13.0359 3712 i8042prt - ok
20:09:13.0468 3712 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:09:13.0546 3712 ialm - ok
20:09:13.0734 3712 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:09:13.0796 3712 idsvc - ok
20:09:13.0906 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:09:14.0171 3712 Imapi - ok
20:09:14.0359 3712 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
20:09:14.0375 3712 Imapi Helper ( UnsignedFile.Multi.Generic ) - warning
20:09:14.0375 3712 Imapi Helper - detected UnsignedFile.Multi.Generic (1)
20:09:14.0406 3712 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:09:14.0531 3712 ImapiService - ok
20:09:14.0531 3712 ini910u - ok
20:09:14.0593 3712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:09:14.0718 3712 IntelIde - ok
20:09:14.0750 3712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:09:14.0937 3712 intelppm - ok
20:09:14.0984 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:09:15.0125 3712 Ip6Fw - ok
20:09:15.0187 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:15.0328 3712 IpFilterDriver - ok
20:09:15.0328 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:15.0453 3712 IpInIp - ok
20:09:15.0484 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:15.0640 3712 IpNat - ok
20:09:15.0671 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:15.0796 3712 IPSec - ok
20:09:15.0828 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:15.0875 3712 IRENUM - ok
20:09:15.0906 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:16.0046 3712 isapnp - ok
20:09:16.0109 3712 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
20:09:16.0140 3712 JavaQuickStarterService - ok
20:09:16.0171 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:16.0281 3712 Kbdclass - ok
20:09:16.0390 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:16.0515 3712 kmixer - ok
20:09:16.0593 3712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:16.0609 3712 KSecDD - ok
20:09:16.0656 3712 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:09:16.0703 3712 LanmanServer - ok
20:09:16.0750 3712 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:09:16.0796 3712 lanmanworkstation - ok
20:09:16.0812 3712 lbrtfdc - ok
20:09:16.0859 3712 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:09:17.0000 3712 LmHosts - ok
20:09:17.0031 3712 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
20:09:17.0046 3712 MBAMProtector - ok
20:09:17.0156 3712 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:09:17.0187 3712 MBAMService - ok
20:09:17.0218 3712 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:09:17.0265 3712 mdmxsdk - ok
20:09:17.0296 3712 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:09:17.0500 3712 Messenger - ok
20:09:17.0546 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:17.0796 3712 mnmdd - ok
20:09:17.0843 3712 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:09:17.0968 3712 mnmsrvc - ok
20:09:18.0015 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:09:18.0156 3712 Modem - ok
20:09:18.0187 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:18.0328 3712 Mouclass - ok
20:09:18.0359 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:18.0484 3712 MountMgr - ok
20:09:18.0546 3712 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:09:18.0562 3712 MozillaMaintenance - ok
20:09:18.0562 3712 mraid35x - ok
20:09:18.0578 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:18.0703 3712 MRxDAV - ok
20:09:18.0781 3712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:18.0812 3712 MRxSmb - ok
20:09:18.0828 3712 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:09:19.0000 3712 MSDTC - ok
20:09:19.0015 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:19.0156 3712 Msfs - ok
20:09:19.0156 3712 MSIServer - ok
20:09:19.0203 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:19.0343 3712 MSKSSRV - ok
20:09:19.0375 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:19.0500 3712 MSPCLOCK - ok
20:09:19.0531 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:19.0687 3712 MSPQM - ok
20:09:19.0734 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:19.0875 3712 mssmbios - ok
20:09:19.0921 3712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:19.0953 3712 Mup - ok
20:09:20.0000 3712 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:09:20.0171 3712 napagent - ok
20:09:20.0203 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:20.0343 3712 NDIS - ok
20:09:20.0390 3712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:20.0437 3712 NdisTapi - ok
20:09:20.0484 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:20.0609 3712 Ndisuio - ok
20:09:20.0640 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:20.0796 3712 NdisWan - ok
20:09:20.0828 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:20.0843 3712 NDProxy - ok
20:09:20.0843 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:21.0000 3712 NetBIOS - ok
20:09:21.0015 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:21.0171 3712 NetBT - ok
20:09:21.0218 3712 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:09:21.0375 3712 NetDDE - ok
20:09:21.0390 3712 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:09:21.0531 3712 NetDDEdsdm - ok
20:09:21.0546 3712 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:21.0671 3712 Netlogon - ok
20:09:21.0718 3712 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:09:21.0843 3712 Netman - ok
20:09:22.0015 3712 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:09:22.0031 3712 NetTcpPortSharing - ok
20:09:22.0203 3712 NICCONFIGSVC (c82dcfcc00c10b91346abb953ff79ee8) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
20:09:22.0281 3712 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
20:09:22.0281 3712 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
20:09:22.0375 3712 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:09:22.0437 3712 Nla - ok
20:09:22.0453 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:22.0718 3712 Npfs - ok
20:09:22.0812 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:22.0937 3712 Ntfs - ok
20:09:22.0953 3712 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:23.0078 3712 NtLmSsp - ok
20:09:23.0125 3712 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:09:23.0250 3712 NtmsSvc - ok
20:09:23.0296 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:23.0453 3712 Null - ok
20:09:23.0500 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:23.0640 3712 NwlnkFlt - ok
20:09:23.0640 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:23.0781 3712 NwlnkFwd - ok
20:09:23.0875 3712 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:09:23.0890 3712 ose - ok
20:09:24.0234 3712 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:09:24.0531 3712 osppsvc - ok
20:09:24.0859 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:09:25.0000 3712 Parport - ok
20:09:25.0015 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:25.0156 3712 PartMgr - ok
20:09:25.0203 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:25.0406 3712 ParVdm - ok
20:09:25.0421 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:25.0640 3712 PCI - ok
20:09:25.0640 3712 PCIDump - ok
20:09:25.0656 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:09:25.0828 3712 PCIIde - ok
20:09:25.0890 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:26.0015 3712 Pcmcia - ok
20:09:26.0015 3712 PDCOMP - ok
20:09:26.0031 3712 PDFRAME - ok
20:09:26.0031 3712 PDRELI - ok
20:09:26.0031 3712 PDRFRAME - ok
20:09:26.0046 3712 perc2 - ok
20:09:26.0046 3712 perc2hib - ok
20:09:26.0125 3712 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
20:09:26.0140 3712 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
20:09:26.0140 3712 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
20:09:26.0203 3712 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:09:26.0218 3712 PlugPlay - ok
20:09:26.0265 3712 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:26.0390 3712 PolicyAgent - ok
20:09:26.0421 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:26.0546 3712 PptpMiniport - ok
20:09:26.0546 3712 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:26.0687 3712 ProtectedStorage - ok
20:09:26.0703 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:26.0843 3712 PSched - ok
20:09:26.0859 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:26.0984 3712 Ptilink - ok
20:09:27.0000 3712 ql1080 - ok
20:09:27.0000 3712 Ql10wnt - ok
20:09:27.0015 3712 ql12160 - ok
20:09:27.0015 3712 ql1240 - ok
20:09:27.0031 3712 ql1280 - ok
20:09:27.0046 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:27.0156 3712 RasAcd - ok
20:09:27.0203 3712 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:09:27.0328 3712 RasAuto - ok
20:09:27.0359 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:27.0484 3712 Rasl2tp - ok
20:09:27.0515 3712 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:09:27.0640 3712 RasMan - ok
20:09:27.0671 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:27.0796 3712 RasPppoe - ok
20:09:27.0812 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:27.0937 3712 Raspti - ok
20:09:28.0000 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:28.0140 3712 Rdbss - ok
20:09:28.0156 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:28.0281 3712 RDPCDD - ok
20:09:28.0375 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:28.0484 3712 rdpdr - ok
20:09:28.0546 3712 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:28.0578 3712 RDPWD - ok
20:09:28.0625 3712 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:09:28.0781 3712 RDSessMgr - ok
20:09:28.0843 3712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:28.0984 3712 redbook - ok
20:09:29.0046 3712 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:09:29.0218 3712 RemoteAccess - ok
20:09:29.0265 3712 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:09:29.0500 3712 RemoteRegistry - ok
20:09:29.0515 3712 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:09:29.0703 3712 RpcLocator - ok
20:09:29.0781 3712 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:09:29.0828 3712 RpcSs - ok
20:09:29.0859 3712 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:09:30.0046 3712 RSVP - ok
20:09:30.0078 3712 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:30.0265 3712 SamSs - ok
20:09:30.0421 3712 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:09:30.0437 3712 SASDIFSV - ok
20:09:30.0453 3712 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:09:30.0468 3712 SASKUTIL - ok
20:09:30.0515 3712 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:09:30.0656 3712 SCardSvr - ok
20:09:30.0703 3712 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:09:30.0828 3712 Schedule - ok
20:09:30.0875 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:30.0953 3712 Secdrv - ok
20:09:30.0953 3712 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:09:31.0125 3712 seclogon - ok
20:09:31.0156 3712 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:09:31.0343 3712 SENS - ok
20:09:31.0406 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:09:31.0562 3712 serenum - ok
20:09:31.0593 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:09:31.0765 3712 Serial - ok
20:09:31.0812 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:09:31.0953 3712 Sfloppy - ok
20:09:32.0015 3712 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:09:32.0218 3712 SharedAccess - ok
20:09:32.0421 3712 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:32.0468 3712 ShellHWDetection - ok
20:09:32.0468 3712 Simbad - ok
20:09:32.0484 3712 Sparrow - ok
20:09:32.0531 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:32.0781 3712 splitter - ok
20:09:32.0828 3712 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:09:32.0859 3712 Spooler - ok
20:09:32.0875 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:32.0937 3712 sr - ok
20:09:32.0968 3712 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:09:33.0046 3712 srservice - ok
20:09:33.0093 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:33.0109 3712 Srv - ok
20:09:33.0156 3712 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:09:33.0156 3712 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
20:09:33.0156 3712 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
20:09:33.0203 3712 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:09:33.0281 3712 SSDPSRV - ok
20:09:33.0296 3712 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
20:09:33.0296 3712 ssrtln ( UnsignedFile.Multi.Generic ) - warning
20:09:33.0296 3712 ssrtln - detected UnsignedFile.Multi.Generic (1)
20:09:33.0500 3712 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
20:09:33.0531 3712 STAC97 - ok
20:09:33.0578 3712 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:09:33.0796 3712 stisvc - ok
20:09:33.0859 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:34.0062 3712 swenum - ok
20:09:34.0078 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:34.0250 3712 swmidi - ok
20:09:34.0250 3712 SwPrv - ok
20:09:34.0265 3712 symc810 - ok
20:09:34.0265 3712 symc8xx - ok
20:09:34.0281 3712 sym_hi - ok
20:09:34.0281 3712 sym_u3 - ok
20:09:34.0343 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:34.0468 3712 sysaudio - ok
20:09:34.0500 3712 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:09:34.0625 3712 SysmonLog - ok
20:09:34.0656 3712 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:09:34.0796 3712 TapiSrv - ok
20:09:34.0843 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:34.0906 3712 Tcpip - ok
20:09:34.0968 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:35.0078 3712 TDPIPE - ok
20:09:35.0093 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:35.0218 3712 TDTCP - ok
20:09:35.0265 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:35.0390 3712 TermDD - ok
20:09:35.0421 3712 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:09:35.0562 3712 TermService - ok
20:09:35.0609 3712 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
20:09:35.0609 3712 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0609 3712 tfsnboio - detected UnsignedFile.Multi.Generic (1)
20:09:35.0625 3712 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
20:09:35.0625 3712 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0625 3712 tfsncofs - detected UnsignedFile.Multi.Generic (1)
20:09:35.0640 3712 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
20:09:35.0640 3712 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0640 3712 tfsndrct - detected UnsignedFile.Multi.Generic (1)
20:09:35.0656 3712 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
20:09:35.0687 3712 tfsndres ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0687 3712 tfsndres - detected UnsignedFile.Multi.Generic (1)
20:09:35.0703 3712 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
20:09:35.0703 3712 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0703 3712 tfsnifs - detected UnsignedFile.Multi.Generic (1)
20:09:35.0718 3712 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
20:09:35.0734 3712 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0734 3712 tfsnopio - detected UnsignedFile.Multi.Generic (1)
20:09:35.0734 3712 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
20:09:35.0750 3712 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0750 3712 tfsnpool - detected UnsignedFile.Multi.Generic (1)
20:09:35.0750 3712 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
20:09:35.0765 3712 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0765 3712 tfsnudf - detected UnsignedFile.Multi.Generic (1)
20:09:35.0781 3712 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:09:35.0781 3712 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0781 3712 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
20:09:35.0843 3712 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:35.0875 3712 Themes - ok
20:09:35.0890 3712 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:09:35.0968 3712 TlntSvr - ok
20:09:35.0968 3712 TosIde - ok
20:09:36.0000 3712 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:09:36.0125 3712 TrkWks - ok
20:09:36.0156 3712 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys
20:09:36.0156 3712 TrueSight ( UnsignedFile.Multi.Generic ) - warning
20:09:36.0156 3712 TrueSight - detected UnsignedFile.Multi.Generic (1)
20:09:36.0187 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:36.0312 3712 Udfs - ok
20:09:36.0312 3712 UIUSys - ok
20:09:36.0328 3712 ultra - ok
20:09:36.0406 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:36.0531 3712 Update - ok
20:09:36.0578 3712 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:09:36.0656 3712 upnphost - ok
20:09:36.0687 3712 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:09:36.0812 3712 UPS - ok
20:09:36.0859 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:37.0015 3712 usbehci - ok
20:09:37.0031 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:37.0171 3712 usbhub - ok
20:09:37.0234 3712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:37.0359 3712 USBSTOR - ok
20:09:37.0390 3712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:37.0531 3712 usbuhci - ok
20:09:37.0578 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:37.0734 3712 VgaSave - ok
20:09:37.0734 3712 ViaIde - ok
20:09:37.0765 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:37.0890 3712 VolSnap - ok
20:09:37.0937 3712 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:09:38.0015 3712 VSS - ok
20:09:38.0046 3712 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:09:38.0187 3712 W32Time - ok
20:09:38.0234 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:38.0359 3712 Wanarp - ok
20:09:38.0375 3712 WDICA - ok
20:09:38.0421 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:38.0562 3712 wdmaud - ok
20:09:38.0593 3712 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:09:38.0781 3712 WebClient - ok
20:09:38.0843 3712 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:38.0875 3712 winachsf - ok
20:09:38.0968 3712 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:09:39.0125 3712 winmgmt - ok
20:09:39.0140 3712 wltrysvc - ok
20:09:39.0187 3712 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:09:39.0359 3712 WmdmPmSN - ok
20:09:39.0437 3712 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:09:39.0484 3712 Wmi - ok
20:09:39.0500 3712 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:09:39.0671 3712 WmiApSrv - ok
20:09:39.0859 3712 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:09:39.0906 3712 WPFFontCache_v0400 - ok
20:09:39.0984 3712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:09:40.0140 3712 WS2IFSL - ok
20:09:40.0203 3712 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:09:40.0437 3712 wscsvc - ok
20:09:40.0468 3712 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:09:40.0625 3712 wuauserv - ok
20:09:40.0671 3712 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:09:40.0859 3712 WZCSVC - ok
20:09:40.0906 3712 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:09:41.0031 3712 xmlprov - ok
20:09:41.0062 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:09:41.0546 3712 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:41.0546 3712 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:09:41.0562 3712 Boot (0x1200) (2794f5d5fb9710201176a26c1a5902b4) \Device\Harddisk0\DR0\Partition0
20:09:41.0562 3712 \Device\Harddisk0\DR0\Partition0 - ok
20:09:41.0562 3712 ============================================================
20:09:41.0562 3712 Scan finished
20:09:41.0562 3712 ============================================================
20:09:41.0578 3308 Detected object count: 21
20:09:41.0578 3308 Actual detected object count: 21
20:12:01.0921 3308 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 BAsfIpM ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 BAsfIpM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 Imapi Helper ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 Imapi Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0921 3308 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0921 3308 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0937 3308 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:01.0937 3308 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:01.0953 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:12:01.0953 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#15
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Ok, I ran the scan overnight, took about 2 hours.

The results? The system said no threats detected.

When I went to select the report tab, and selected detected threads report - the system didn't give me the option to press the Save button

I am still getting re-directs and I still have Rogue Killer window open with the two threats present.

Please advise.

Edited by 360nourishment, 23 July 2012 - 07:10 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP