Help remove Alureon [Solved]

#1 braddx (Member, 27 posts)

I ran Microsoft Scanner and it showed the following:

Win32/Alureon.Gen!AD Severe
Win64/Alureon.Gen!F Severe
Win64/Alureon.Gen!L Severe
WinNT/Alureon.AB High

It said "partially removed" and that it needs manual work. The link did not show manual help.

I have WXP Home.

Symptoms are: Windows Update keeps repeating the same updates, and the computer is running slow.

How do I get rid of the Trojan Alureon? Thanks.


OTL logfile created on: 9/20/2012 1:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.26% Memory free
3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.16 Gb Free Space | 70.02% Space Free | Partition Type: NTFS

Computer Name: OWNER-BD1NRREPH | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 13:26:11 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2012/09/13 00:30:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/07 02:48:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/30 23:14:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/27 02:14:47 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 02:48:21 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/01 13:50:53 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/06/27 02:14:47 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/13 00:30:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 02:48:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/01 13:50:54 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/27 02:14:47 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/02/16 15:48:14 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2010/11/26 19:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2803&t=02
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.3001.0(B)
IE - HKCU\..\SearchScopes\{DF9F6525-2107-4ABE-A085-3028EB41A716}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search Here"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 08:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/30 23:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 02:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/25 07:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012/01/27 08:59:53 | 000,000,000 | ---D | M]

[2012/01/25 15:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/08/17 15:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\extensions
[2012/08/03 17:37:12 | 000,021,674 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\extensions\[email protected]
[2012/02/16 02:12:30 | 000,008,363 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\extensions\[email protected]
[2012/08/09 09:37:54 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/25 23:33:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\searchplugins\alot-search.xml
[2012/09/20 08:09:17 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\searchplugins\search-here.xml
[2012/09/07 02:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 08:51:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/09/07 02:48:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 04:13:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 04:13:40 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0FA9A9-AD2F-4B3A-9645-7871CC5EF056}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/25 13:01:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 07:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/09/20 07:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/09/20 07:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/20 07:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/09/18 08:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/09/16 21:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.explorer.local
[2012/09/16 21:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.explorer.cache
[2012/09/13 00:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/11 08:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/07 02:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 13:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/20 13:16:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/20 12:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/20 09:03:01 | 095,346,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/20 07:40:51 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/09/18 13:07:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1060284298-839522115-1003.job
[2012/09/18 13:07:10 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1060284298-839522115-1003.job
[2012/09/18 09:21:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 09:16:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/09/18 09:16:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/18 09:16:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/18 08:45:12 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
[2012/09/18 08:20:42 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/09/18 08:20:42 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/09/11 08:56:31 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/27 06:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 07:40:51 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/09/18 08:45:12 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
[2012/09/18 08:20:42 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/09/18 08:20:42 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/09/18 08:20:42 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/09/18 08:20:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/08/01 05:00:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/06/30 23:19:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/23 15:12:14 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/02/15 06:46:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 20:49:12 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/02/02 19:03:17 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2012/02/02 19:03:16 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2012/01/25 16:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2012/01/25 16:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2012/01/25 16:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2012/01/25 16:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2012/01/25 16:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2012/01/25 16:36:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2012/01/25 16:08:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2012/01/25 16:08:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2012/01/25 16:02:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2012/01/25 13:03:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 12:58:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/25 07:43:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/25 07:42:36 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/01/25 14:53:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012/01/27 09:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/12 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/01/27 09:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/27 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2012/06/27 02:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileHelp
[2012/07/23 15:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free File Opener
[2012/07/30 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/09/20 09:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/27 15:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2012/07/30 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/01/27 08:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Security Shield
[2012/06/22 16:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/23 14:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/09/20 07:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/02/23 14:44:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/30 23:03:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2012/06/27 02:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC7D5FD4-23D2-4B8E-A4FB-676A35CD0044}
[2012/01/27 09:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2012/01/27 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2012/06/27 02:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DefaultTab
[2012/01/27 12:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Easeware
[2012/09/18 09:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/02/23 15:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2012/07/30 16:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2012/08/19 23:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/07/30 15:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Cleaners
[2012/07/30 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCPro
[2012/01/25 14:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Security Shield
[2012/01/29 16:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2012/01/25 15:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2012/02/23 14:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/01/25 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/01/27 08:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\Security code32.txt:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 9/20/2012 1:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.26% Memory free
3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.16 Gb Free Space | 70.02% Space Free | Partition Type: NTFS

Computer Name: OWNER-BD1NRREPH | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\FileHelp\FileHelp.exe %1 (System Software, LLC)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS3D0C\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS3D0C\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS -- (Hewlett-Packard)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS4332\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS4332\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS -- (Hewlett-Packard)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"DefaultTab" = DefaultTab
"FileHelp Assistant" = FileHelp Assistant
"Free File Opener" = Free File Opener
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"RealPlayer 15.0" = RealPlayer
"Smart Defrag 2_is1" = Smart Defrag 2
"Speccy" = Speccy
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2012 8:50:49 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 8/1/2012 8:50:49 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 8/2/2012 9:55:18 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/17/2012 3:03:53 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 8/17/2012 3:03:53 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 8/17/2012 3:03:53 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 8/17/2012 3:03:54 PM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 8/18/2012 4:58:47 AM | Computer Name = OWNER-BD1NRREPH | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/19/2012 10:19:27 PM | Computer Name = OWNER-BD1NRREPH | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Word: Rejected Safe Mode action : Word failed to start correctly
last time. Starting Word in safe mode will help you correct or isolate a startup
problem in order to successfully start the program. Some functionality may be
disabled in this mode. Do you want to start Word in safe mode?.

Error - 9/18/2012 8:49:00 AM | Computer Name = OWNER-BD1NRREPH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/12/2012 6:18:16 PM | Computer Name = OWNER-BD1NRREPH | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 9/12/2012 6:18:19 PM | Computer Name = OWNER-BD1NRREPH | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 9/18/2012 9:17:13 AM | Computer Name = OWNER-BD1NRREPH | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2


< End of report >

Edited by braddx, 20 September 2012 - 12:14 PM.

  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The first thing to do is to determine which type it is.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • 0

#3
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
Ok, done.

It "found" two items. I don't know how to post it here.

Edited by braddx, 20 September 2012 - 01:12 PM.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open the report.
Right-click anywhere inside and select all > copy.
Then, when you post here, right-click on the blank posting space and select paste.
  • 0

#5
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/20/2012 15:42:17

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 1522866a6520d844a402c65c4ed8b097
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, there is no sign of the infection there.

Let's check another area.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0
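For triaging a TDSSKiller report like the one pasted later in this thread, here is a small parser; it is an added example, not code from this thread or from Kaspersky. It reads the `[ MD5 ] name path`, `name ( verdict ) - warning`, `name - detected verdict (n)` and `name - ok` line shapes visible in that log, folds them into one record per service or driver, and lists what needs a look: anything TDSSKiller flagged, plus any image that loads from a user profile directory. The sample log is constructed from lines in this thread, and only those line shapes are assumed about the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, built from line shapes seen in the TDSSKiller 2.8.10.0
# report pasted in this thread. Raw string, so the Windows paths keep their
# backslashes as-is.
SAMPLE_LOG = r"""
16:04:14.0312 2476 Scan started
16:04:14.0312 2476 Mode: Manual; SigCheck; TDLFS;
16:04:14.0984 2476 System memory - ok
16:04:15.0187 2476 Abiosdsk - ok
16:04:15.0296 2476 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:04:16.0140 2476 ACPI - ok
16:04:22.0062 2476 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
16:04:22.0093 2476 BANTExt ( UnsignedFile.Multi.Generic ) - warning
16:04:22.0093 2476 BANTExt - detected UnsignedFile.Multi.Generic (1)
16:04:27.0000 2476 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
16:04:27.0015 2476 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
16:04:27.0015 2476 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with a wall-clock stamp and the scanner's thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
_RE_HASH = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
_RE_WARN = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - warning$")
_RE_DETECT = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
_RE_OK = re.compile(_PREFIX + r"(?P<name>\S+) - ok$")

# Drivers and services normally live under the Windows or Program Files trees;
# an image under a user profile is worth a look whatever the verdict says.
_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"            # ok | warning | detected | unknown
    verdicts: List[str] = field(default_factory=list)

    def note(self, verdict: str) -> None:
        if verdict not in self.verdicts:
            self.verdicts.append(verdict)


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Fold the per-line report into one record per service/driver name."""
    entries: Dict[str, ServiceEntry] = {}

    def get(name: str) -> ServiceEntry:
        return entries.setdefault(name, ServiceEntry(name))

    for line in text.splitlines():
        line = line.rstrip()
        if m := _RE_HASH.match(line):
            e = get(m["name"])
            e.md5, e.path = m["md5"].upper(), m["path"]
        elif m := _RE_DETECT.match(line):
            e = get(m["name"])
            e.status = "detected"          # a detection outranks a warning
            e.note(m["verdict"])
        elif m := _RE_WARN.match(line):
            e = get(m["name"])
            if e.status != "detected":
                e.status = "warning"
            e.note(m["verdict"])
        elif m := _RE_OK.match(line):
            e = get(m["name"])
            if e.status == "unknown":
                e.status = "ok"
        # Anything else (banner, mode, "System memory - ok") is not a service line.
    return entries


def flagged(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Entries TDSSKiller itself marked as warning or detected."""
    return [e for e in entries.values() if e.status in ("warning", "detected")]


def in_user_profile(entries: Dict[str, ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose image file lives under a user profile directory."""
    return [e for e in entries.values()
            if e.path and any(mk in e.path.lower() for mk in _PROFILE_MARKERS)]


def status_counts(entries: Dict[str, ServiceEntry]) -> Dict[str, int]:
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for e in entries.values():
        counts[e.status] += 1
    return counts


def report(entries: Dict[str, ServiceEntry]) -> str:
    lines = [f"{k}: {v}" for k, v in status_counts(entries).items()]
    for e in flagged(entries):
        lines.append(f"{e.status.upper():8} {e.name} md5={e.md5} "
                     f"verdicts={','.join(e.verdicts)} path={e.path}")
    for e in in_user_profile(entries):
        lines.append(f"PROFILE  {e.name} loads from a user profile: {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # path to a saved TDSSKiller report
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(report(parse_tdsskiller(text)))
```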

#7
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
When I right-click on the report, nothing happens. Left-clicking also does nothing.
  • 0

#8
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
I have to leave - will be back as soon as possible. Thank you for your time and effort.
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run TDSSKiller?

If so, the log will be at C:\TDSSKiller date time
  • 0

#10
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
16:04:01.0656 4756 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:04:01.0921 4756 ============================================================
16:04:01.0921 4756 Current date / time: 2012/09/20 16:04:01.0921
16:04:01.0921 4756 SystemInfo:
16:04:01.0921 4756
16:04:01.0921 4756 OS Version: 5.1.2600 ServicePack: 3.0
16:04:01.0921 4756 Product type: Workstation
16:04:01.0921 4756 ComputerName: OWNER-BD1NRREPH
16:04:01.0921 4756 UserName: Owner
16:04:01.0921 4756 Windows directory: C:\WINDOWS
16:04:01.0921 4756 System windows directory: C:\WINDOWS
16:04:01.0921 4756 Processor architecture: Intel x86
16:04:01.0921 4756 Number of processors: 1
16:04:01.0921 4756 Page size: 0x1000
16:04:01.0921 4756 Boot type: Normal boot
16:04:01.0921 4756 ============================================================
16:04:04.0515 4756 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:04:04.0515 4756 ============================================================
16:04:04.0515 4756 \Device\Harddisk0\DR0:
16:04:04.0515 4756 MBR partitions:
16:04:04.0515 4756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
16:04:04.0515 4756 ============================================================
16:04:04.0562 4756 C: <-> \Device\Harddisk0\DR0\Partition1
16:04:04.0562 4756 ============================================================
16:04:04.0562 4756 Initialize success
16:04:04.0578 4756 ============================================================
16:04:14.0296 2476 ============================================================
16:04:14.0312 2476 Scan started
16:04:14.0312 2476 Mode: Manual; SigCheck; TDLFS;
16:04:14.0312 2476 ============================================================
16:04:14.0968 2476 ================ Scan system memory ========================
16:04:14.0984 2476 System memory - ok
16:04:15.0000 2476 ================ Scan services =============================
16:04:15.0187 2476 Abiosdsk - ok
16:04:15.0203 2476 abp480n5 - ok
16:04:15.0296 2476 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:04:16.0140 2476 ACPI - ok
16:04:16.0171 2476 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:04:16.0562 2476 ACPIEC - ok
16:04:16.0796 2476 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:04:16.0843 2476 AdobeFlashPlayerUpdateSvc - ok
16:04:16.0843 2476 adpu160m - ok
16:04:16.0968 2476 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:04:17.0343 2476 aec - ok
16:04:17.0390 2476 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:04:17.0500 2476 AFD - ok
16:04:17.0531 2476 Aha154x - ok
16:04:17.0546 2476 aic78u2 - ok
16:04:17.0562 2476 aic78xx - ok
16:04:17.0593 2476 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:04:17.0906 2476 Alerter - ok
16:04:17.0953 2476 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:04:18.0140 2476 ALG - ok
16:04:18.0171 2476 AliIde - ok
16:04:18.0187 2476 amsint - ok
16:04:18.0218 2476 AppMgmt - ok
16:04:18.0234 2476 asc - ok
16:04:18.0250 2476 asc3350p - ok
16:04:18.0281 2476 asc3550 - ok
16:04:18.0578 2476 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:04:18.0609 2476 aspnet_state - ok
16:04:18.0656 2476 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:04:18.0953 2476 AsyncMac - ok
16:04:19.0031 2476 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:04:19.0328 2476 atapi - ok
16:04:19.0343 2476 Atdisk - ok
16:04:19.0390 2476 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:04:19.0687 2476 Atmarpc - ok
16:04:19.0734 2476 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:04:20.0031 2476 AudioSrv - ok
16:04:20.0109 2476 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:04:20.0390 2476 audstub - ok
16:04:20.0812 2476 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
16:04:21.0125 2476 AVGIDSAgent - ok
16:04:21.0187 2476 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
16:04:21.0296 2476 AVGIDSDriver - ok
16:04:21.0312 2476 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
16:04:21.0359 2476 AVGIDSFilter - ok
16:04:21.0406 2476 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
16:04:21.0437 2476 AVGIDSHX - ok
16:04:21.0500 2476 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
16:04:21.0531 2476 AVGIDSShim - ok
16:04:21.0609 2476 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:04:21.0656 2476 Avgldx86 - ok
16:04:21.0687 2476 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:04:21.0734 2476 Avgmfx86 - ok
16:04:21.0750 2476 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:04:21.0796 2476 Avgrkx86 - ok
16:04:21.0828 2476 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:04:21.0890 2476 Avgtdix - ok
16:04:21.0968 2476 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:04:22.0015 2476 avgwd - ok
16:04:22.0062 2476 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
16:04:22.0093 2476 BANTExt ( UnsignedFile.Multi.Generic ) - warning
16:04:22.0093 2476 BANTExt - detected UnsignedFile.Multi.Generic (1)
16:04:22.0203 2476 [ B60F57B4D9CDBC663CC03EB8AF7EC34E ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:04:22.0250 2476 bcm4sbxp - ok
16:04:22.0359 2476 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
16:04:22.0484 2476 BCMModem - ok
16:04:22.0562 2476 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:04:22.0843 2476 Beep - ok
16:04:22.0953 2476 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:04:23.0281 2476 BITS - ok
16:04:23.0343 2476 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:04:23.0453 2476 Browser - ok
16:04:23.0515 2476 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:04:24.0000 2476 cbidf2k - ok
16:04:24.0015 2476 cd20xrnt - ok
16:04:24.0078 2476 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:04:24.0375 2476 Cdaudio - ok
16:04:24.0421 2476 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:04:24.0703 2476 Cdfs - ok
16:04:24.0734 2476 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:04:25.0046 2476 Cdrom - ok
16:04:25.0062 2476 Changer - ok
16:04:25.0125 2476 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:04:25.0421 2476 CiSvc - ok
16:04:25.0453 2476 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:04:25.0765 2476 ClipSrv - ok
16:04:25.0843 2476 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:04:25.0890 2476 clr_optimization_v2.0.50727_32 - ok
16:04:25.0906 2476 CmdIde - ok
16:04:25.0921 2476 COMSysApp - ok
16:04:25.0953 2476 Cpqarray - ok
16:04:26.0046 2476 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:04:26.0390 2476 CryptSvc - ok
16:04:26.0406 2476 dac2w2k - ok
16:04:26.0437 2476 dac960nt - ok
16:04:26.0531 2476 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:04:26.0718 2476 DcomLaunch - ok
16:04:27.0000 2476 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
16:04:27.0015 2476 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
16:04:27.0015 2476 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
16:04:27.0093 2476 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:04:27.0375 2476 Dhcp - ok
16:04:27.0437 2476 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:04:27.0765 2476 Disk - ok
16:04:27.0796 2476 dmadmin - ok
16:04:27.0875 2476 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:04:28.0203 2476 dmboot - ok
16:04:28.0250 2476 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:04:28.0562 2476 dmio - ok
16:04:28.0609 2476 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:04:28.0937 2476 dmload - ok
16:04:29.0000 2476 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:04:29.0328 2476 dmserver - ok
16:04:29.0390 2476 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:04:29.0750 2476 DMusic - ok
16:04:29.0796 2476 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:04:29.0859 2476 Dnscache - ok
16:04:29.0921 2476 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:04:30.0218 2476 Dot3svc - ok
16:04:30.0234 2476 dpti2o - ok
16:04:30.0312 2476 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:04:30.0593 2476 drmkaud - ok
16:04:30.0625 2476 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:04:30.0937 2476 EapHost - ok
16:04:31.0015 2476 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:04:31.0296 2476 ERSvc - ok
16:04:31.0375 2476 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:04:31.0546 2476 Eventlog - ok
16:04:31.0625 2476 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
16:04:31.0687 2476 EventSystem - ok
16:04:31.0734 2476 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:04:32.0015 2476 Fastfat - ok
16:05:16.0218 2476 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
16:05:16.0265 2476 TrueSight ( UnsignedFile.Multi.Generic ) - warning
16:05:16.0265 2476 TrueSight - detected UnsignedFile.Multi.Generic (1)
16:05:25.0265 2476 ================ Scan global ===============================
16:05:25.0531 2476 [Global] - ok
16:05:25.0546 2476 ================ Scan MBR ==================================
16:05:25.0593 2476 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:05:26.0296 2476 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:05:26.0296 2476 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:05:26.0312 2476 ================ Scan VBR ==================================
16:05:26.0375 2476 [ 55A6359F05BA6FD72FEF3B9C40BD3D06 ] \Device\Harddisk0\DR0\Partition1
16:05:26.0375 2476 \Device\Harddisk0\DR0\Partition1 - ok
16:05:26.0390 2476 ============================================================
16:05:26.0390 2476 Scan finished
16:05:26.0390 2476 ============================================================
16:05:26.0515 5940 Detected object count: 4
16:05:26.0515 5940 Actual detected object count: 4
16:05:32.0984 5940 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
16:05:33.0000 5940 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:33.0000 5940 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
16:05:33.0000 5940 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:33.0000 5940 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
16:05:33.0000 5940 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:05:33.0000 5940 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:05:33.0000 5940 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:11:39.0390 10116 ============================================================
16:11:39.0390 10116 Scan started
16:11:39.0390 10116 Mode: Manual; SigCheck; TDLFS;
16:11:39.0390 10116 ============================================================
16:11:39.0890 10116 ================ Scan system memory ========================
16:11:39.0890 10116 System memory - ok
16:11:39.0906 10116 ================ Scan services =============================
16:11:46.0375 10116 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
16:11:46.0437 10116 BANTExt ( UnsignedFile.Multi.Generic ) - warning
16:11:46.0437 10116 BANTExt - detected UnsignedFile.Multi.Generic (1)
16:11:50.0921 10116 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
16:11:50.0937 10116 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
16:11:50.0937 10116 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
16:11:59.0562 10116 hpn - ok
16:11:59.0656 10116 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:11:59.0718 10116 HTTP - ok
16:11:59.0781 10116 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:12:00.0062 10116 HTTPFilter - ok
16:12:00.0078 10116 i2omgmt - ok
16:12:00.0093 10116 i2omp - ok
16:12:00.0140 10116 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:12:00.0421 10116 i8042prt - ok
16:12:00.0500 10116 [ DA58A8BE6A445835F603720C4BC8837E ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:12:00.0640 10116 ialm - ok
16:12:00.0734 10116 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:12:00.0828 10116 idsvc - ok
16:12:00.0890 10116 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:12:01.0171 10116 Imapi - ok
16:12:01.0265 10116 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
16:12:01.0515 10116 ImapiService - ok
16:12:01.0546 10116 ini910u - ok
16:12:01.0593 10116 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:12:01.0859 10116 IntelIde - ok
16:12:01.0921 10116 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:12:02.0171 10116 intelppm - ok
16:12:02.0203 10116 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:12:02.0500 10116 ip6fw - ok
16:12:02.0546 10116 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:12:02.0843 10116 IpFilterDriver - ok
16:12:02.0890 10116 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:12:03.0187 10116 IpInIp - ok
16:12:03.0265 10116 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:12:03.0531 10116 IpNat - ok
16:12:03.0562 10116 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:12:03.0859 10116 IPSec - ok
16:12:03.0906 10116 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:12:04.0109 10116 IRENUM - ok
16:12:04.0187 10116 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:12:04.0468 10116 isapnp - ok
16:12:04.0703 10116 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:12:04.0765 10116 JavaQuickStarterService - ok
16:12:04.0843 10116 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:12:05.0109 10116 Kbdclass - ok
16:12:05.0156 10116 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:12:05.0421 10116 kbdhid - ok
16:12:05.0484 10116 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:12:05.0750 10116 kmixer - ok
16:12:05.0796 10116 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:12:05.0875 10116 KSecDD - ok
16:12:05.0937 10116 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:12:06.0015 10116 lanmanserver - ok
16:12:06.0093 10116 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:12:06.0156 10116 lanmanworkstation - ok
16:12:06.0171 10116 lbrtfdc - ok
16:12:06.0265 10116 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:12:06.0562 10116 LmHosts - ok
16:12:06.0578 10116 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:12:06.0875 10116 Messenger - ok
16:12:06.0937 10116 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:12:07.0218 10116 mnmdd - ok
16:12:07.0250 10116 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:12:07.0562 10116 mnmsrvc - ok
16:12:07.0609 10116 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:12:07.0875 10116 Modem - ok
16:12:07.0906 10116 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:12:08.0171 10116 Mouclass - ok
16:12:08.0234 10116 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:12:08.0484 10116 mouhid - ok
16:12:08.0546 10116 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:12:08.0843 10116 MountMgr - ok
16:12:08.0906 10116 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:12:08.0968 10116 MozillaMaintenance - ok
16:12:08.0984 10116 mraid35x - ok
16:12:09.0046 10116 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:12:09.0328 10116 MRxDAV - ok
16:12:09.0437 10116 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:12:09.0875 10116 MRxSmb - ok
16:12:09.0937 10116 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
16:12:10.0218 10116 MSDTC - ok
16:12:10.0281 10116 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:12:10.0593 10116 Msfs - ok
16:12:10.0609 10116 MSIServer - ok
16:12:10.0671 10116 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:12:10.0937 10116 MSKSSRV - ok
16:12:10.0953 10116 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:12:11.0281 10116 MSPCLOCK - ok
16:12:11.0296 10116 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:12:11.0578 10116 MSPQM - ok
16:12:11.0640 10116 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:12:11.0906 10116 mssmbios - ok
16:12:11.0968 10116 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:12:12.0062 10116 Mup - ok
16:12:12.0125 10116 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:12:12.0421 10116 napagent - ok
16:12:12.0500 10116 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:12:12.0750 10116 NDIS - ok
16:12:12.0843 10116 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:12:12.0906 10116 NdisTapi - ok
16:12:12.0921 10116 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:12:13.0187 10116 Ndisuio - ok
16:12:13.0250 10116 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:12:13.0531 10116 NdisWan - ok
16:12:13.0593 10116 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:12:13.0703 10116 NDProxy - ok
16:12:13.0781 10116 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:12:14.0031 10116 NetBIOS - ok
16:12:14.0078 10116 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:12:14.0343 10116 NetBT - ok
16:12:14.0406 10116 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:12:14.0703 10116 NetDDE - ok
16:12:14.0718 10116 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:12:14.0984 10116 NetDDEdsdm - ok
16:12:15.0046 10116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
16:12:15.0296 10116 Netlogon - ok
16:12:15.0375 10116 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:12:15.0625 10116 Netman - ok
16:12:15.0687 10116 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:12:15.0734 10116 NetTcpPortSharing - ok
16:12:15.0812 10116 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:12:15.0875 10116 Nla - ok
16:12:15.0968 10116 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:12:16.0265 10116 Npfs - ok
16:12:16.0312 10116 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:12:16.0625 10116 Ntfs - ok
16:12:16.0671 10116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
16:12:16.0968 10116 NtLmSsp - ok
16:12:17.0046 10116 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:12:17.0328 10116 NtmsSvc - ok
16:12:17.0359 10116 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:12:17.0625 10116 Null - ok
16:12:17.0656 10116 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:12:17.0953 10116 NwlnkFlt - ok
16:12:17.0953 10116 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:12:18.0250 10116 NwlnkFwd - ok
16:12:18.0343 10116 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:12:18.0406 10116 ose - ok
16:12:18.0750 10116 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:12:19.0031 10116 osppsvc - ok
16:12:19.0109 10116 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:12:19.0375 10116 Parport - ok
16:12:19.0406 10116 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:12:19.0671 10116 PartMgr - ok
16:12:19.0734 10116 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:12:19.0984 10116 ParVdm - ok
16:12:20.0062 10116 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:12:20.0343 10116 PCI - ok
16:12:20.0359 10116 PCIDump - ok
16:12:20.0390 10116 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:12:20.0671 10116 PCIIde - ok
16:12:20.0718 10116 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:12:21.0000 10116 Pcmcia - ok
16:12:21.0015 10116 PDCOMP - ok
16:12:21.0046 10116 PDFRAME - ok
16:12:21.0062 10116 PDRELI - ok
16:12:21.0093 10116 PDRFRAME - ok
16:12:21.0109 10116 perc2 - ok
16:12:21.0140 10116 perc2hib - ok
16:12:21.0218 10116 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:12:21.0359 10116 PlugPlay - ok
16:12:21.0375 10116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
16:12:21.0640 10116 PolicyAgent - ok
16:12:21.0718 10116 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:12:21.0984 10116 PptpMiniport - ok
16:12:22.0031 10116 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:12:22.0328 10116 Processor - ok
16:12:22.0390 10116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:12:22.0656 10116 ProtectedStorage - ok
16:12:22.0703 10116 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:12:22.0968 10116 PSched - ok
16:12:23.0015 10116 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:12:23.0296 10116 Ptilink - ok
16:12:23.0312 10116 ql1080 - ok
16:12:23.0328 10116 Ql10wnt - ok
16:12:23.0359 10116 ql12160 - ok
16:12:23.0375 10116 ql1240 - ok
16:12:23.0406 10116 ql1280 - ok
16:12:23.0437 10116 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:12:23.0687 10116 RasAcd - ok
16:12:23.0718 10116 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:12:24.0031 10116 RasAuto - ok
16:12:24.0046 10116 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:12:24.0312 10116 Rasl2tp - ok
16:12:24.0390 10116 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:12:24.0671 10116 RasMan - ok
16:12:24.0718 10116 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:12:24.0984 10116 RasPppoe - ok
16:12:25.0015 10116 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:12:25.0281 10116 Raspti - ok
16:12:25.0343 10116 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:12:25.0640 10116 Rdbss - ok
16:12:25.0687 10116 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:12:25.0937 10116 RDPCDD - ok
16:12:26.0015 10116 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:12:26.0125 10116 RDPWD - ok
16:12:26.0187 10116 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:12:26.0437 10116 RDSessMgr - ok
16:12:26.0500 10116 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:12:26.0796 10116 redbook - ok
16:12:26.0859 10116 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:12:27.0156 10116 RemoteAccess - ok
16:12:27.0218 10116 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
16:12:27.0468 10116 RpcLocator - ok
16:12:27.0531 10116 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:12:27.0687 10116 RpcSs - ok
16:12:27.0734 10116 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
16:12:27.0984 10116 RSVP - ok
16:12:28.0031 10116 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:12:28.0281 10116 SamSs - ok
16:12:28.0343 10116 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:12:28.0625 10116 SCardSvr - ok
16:12:28.0687 10116 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:12:28.0968 10116 Schedule - ok
16:12:29.0046 10116 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:12:29.0234 10116 Secdrv - ok
16:12:29.0312 10116 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:12:29.0578 10116 seclogon - ok
16:12:29.0671 10116 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
16:12:29.0812 10116 senfilt - ok
16:12:29.0875 10116 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:12:30.0140 10116 SENS - ok
16:12:30.0171 10116 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:12:30.0453 10116 serenum - ok
16:12:30.0500 10116 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:12:30.0781 10116 Serial - ok
16:12:30.0859 10116 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:12:31.0125 10116 Sfloppy - ok
16:12:31.0218 10116 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:12:31.0515 10116 SharedAccess - ok
16:12:31.0593 10116 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:12:31.0656 10116 ShellHWDetection - ok
16:12:31.0656 10116 Simbad - ok
16:12:31.0734 10116 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
16:12:31.0781 10116 SmartDefragDriver - ok
16:12:31.0890 10116 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
16:12:31.0968 10116 smwdm - ok
16:12:31.0984 10116 Sparrow - ok
16:12:32.0062 10116 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:12:32.0328 10116 splitter - ok
16:12:32.0359 10116 Spooler - ok
16:12:32.0390 10116 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:12:32.0562 10116 sr - ok
16:12:32.0640 10116 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
16:12:32.0796 10116 srservice - ok
16:12:32.0890 10116 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:12:32.0953 10116 Srv - ok
16:12:33.0031 10116 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:12:33.0187 10116 SSDPSRV - ok
16:12:33.0250 10116 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:12:33.0562 10116 stisvc - ok
16:12:33.0593 10116 [ A089FA4AF3D36AE69A349627A15BCA4C ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
16:12:33.0656 10116 SWDUMon - ok
16:12:33.0718 10116 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:12:34.0000 10116 swenum - ok
16:12:34.0062 10116 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:12:34.0343 10116 swmidi - ok
16:12:34.0359 10116 SwPrv - ok
16:12:34.0375 10116 symc810 - ok
16:12:34.0390 10116 symc8xx - ok
16:12:34.0421 10116 sym_hi - ok
16:12:34.0437 10116 sym_u3 - ok
16:12:34.0468 10116 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:12:34.0718 10116 sysaudio - ok
16:12:34.0765 10116 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:12:35.0062 10116 SysmonLog - ok
16:12:35.0171 10116 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:12:35.0453 10116 TapiSrv - ok
16:12:35.0515 10116 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:12:35.0625 10116 Tcpip - ok
16:12:35.0687 10116 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:12:35.0968 10116 TDPIPE - ok
16:12:36.0015 10116 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:12:36.0296 10116 TDTCP - ok
16:12:36.0328 10116 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:12:36.0593 10116 TermDD - ok
16:12:36.0671 10116 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:12:36.0937 10116 TermService - ok
16:12:36.0968 10116 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:12:37.0031 10116 Themes - ok
16:12:37.0046 10116 TosIde - ok
16:12:37.0140 10116 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:12:37.0406 10116 TrkWks - ok
16:12:37.0453 10116 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
16:12:37.0515 10116 TrueSight ( UnsignedFile.Multi.Generic ) - warning
16:12:37.0515 10116 TrueSight - detected UnsignedFile.Multi.Generic (1)
16:12:37.0593 10116 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:12:37.0875 10116 Udfs - ok
16:12:37.0906 10116 ultra - ok
16:12:38.0000 10116 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:12:38.0296 10116 Update - ok
16:12:38.0375 10116 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:12:38.0562 10116 upnphost - ok
16:12:38.0593 10116 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:12:38.0875 10116 UPS - ok
16:12:38.0953 10116 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:12:39.0218 10116 usbccgp - ok
16:12:39.0250 10116 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:12:39.0562 10116 usbehci - ok
16:12:39.0609 10116 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:12:39.0875 10116 usbhub - ok
16:12:39.0921 10116 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:12:40.0218 10116 USBSTOR - ok
16:12:40.0296 10116 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:12:40.0609 10116 usbuhci - ok
16:12:40.0671 10116 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:12:40.0937 10116 VgaSave - ok
16:12:40.0953 10116 ViaIde - ok
16:12:41.0031 10116 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:12:41.0312 10116 VolSnap - ok
16:12:41.0359 10116 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:12:41.0562 10116 VSS - ok
16:12:41.0625 10116 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
16:12:41.0890 10116 W32Time - ok
16:12:41.0968 10116 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:12:42.0250 10116 Wanarp - ok
16:12:42.0265 10116 WDICA - ok
16:12:42.0359 10116 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:12:42.0640 10116 wdmaud - ok
16:12:42.0718 10116 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:12:43.0000 10116 WebClient - ok
16:12:43.0156 10116 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:12:43.0406 10116 winmgmt - ok
16:12:43.0484 10116 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:12:43.0546 10116 WmdmPmSN - ok
16:12:43.0625 10116 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
16:12:43.0921 10116 WmiApSrv - ok
16:12:44.0078 10116 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:12:44.0187 10116 WMPNetworkSvc - ok
16:12:44.0281 10116 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:12:44.0546 10116 wscsvc - ok
16:12:44.0562 10116 WSearch - ok
16:12:44.0625 10116 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:12:44.0875 10116 wuauserv - ok
16:12:44.0937 10116 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:12:45.0031 10116 WudfPf - ok
16:12:45.0078 10116 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:12:45.0171 10116 WudfRd - ok
16:12:45.0234 10116 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:12:45.0359 10116 WudfSvc - ok
16:12:45.0437 10116 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:12:45.0750 10116 WZCSVC - ok
16:12:45.0796 10116 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:12:46.0062 10116 xmlprov - ok
16:12:46.0078 10116 ================ Scan global ===============================
16:12:46.0140 10116 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:12:46.0218 10116 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:12:46.0250 10116 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:12:46.0281 10116 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:12:46.0296 10116 [Global] - ok
16:12:46.0296 10116 ================ Scan MBR ==================================
16:12:46.0343 10116 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:12:46.0703 10116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:12:46.0703 10116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:12:46.0718 10116 ================ Scan VBR ==================================
16:12:46.0750 10116 [ 55A6359F05BA6FD72FEF3B9C40BD3D06 ] \Device\Harddisk0\DR0\Partition1
16:12:46.0750 10116 \Device\Harddisk0\DR0\Partition1 - ok
16:12:46.0765 10116 ============================================================
16:12:46.0765 10116 Scan finished
16:12:46.0765 10116 ============================================================
16:12:46.0796 6264 Detected object count: 4
16:12:46.0796 6264 Actual detected object count: 4
16:13:05.0203 6264 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:05.0203 6264 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:05.0218 6264 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:05.0218 6264 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:05.0218 6264 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:05.0218 6264 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:05.0218 6264 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:13:05.0218 6264 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:13:53.0906 9992 Deinitialize success

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run TDSSKiller with the same parameters and when you see the following select delete:

\Device\Harddisk0\DR0 ( TDSS File System ) -

Once done could you let me know how the system is behaving

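The TDSSKiller log in this thread is read by eye, and Essexboy's reply singles out the one line that needs action. As an added illustration (not code from the thread, from TDSSKiller or from Kaspersky), here is a small Python parser that pulls the flagged objects out of such a log, joins each one to the MD5 and path TDSSKiller printed for it, records the action the user chose, and separates the heuristic UnsignedFile.Multi.Generic warnings (which the poster was told to skip) from the TDSS File System hit on \Device\Harddisk0\DR0 that was also skipped and therefore still needs to be dealt with. The sample lines are copied from the log posted above; treating every verdict ending in `.Multi.Generic` as heuristic-only is an assumption made for this example.

```python
"""Summarise a TDSSKiller log: which objects were flagged and what was chosen for each.

Added example for this thread; not code from TDSSKiller, Kaspersky or the forum.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
16:12:37.0453 10116 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
16:12:37.0515 10116 TrueSight ( UnsignedFile.Multi.Generic ) - warning
16:12:37.0515 10116 TrueSight - detected UnsignedFile.Multi.Generic (1)
16:12:37.0593 10116 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:12:37.0875 10116 Udfs - ok
16:12:46.0343 10116 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:12:46.0703 10116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:12:46.0703 10116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:12:46.0796 6264 Detected object count: 4
16:13:05.0218 6264 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:05.0218 6264 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Line shapes seen in the log:
#   "<time> <pid> [ <md5> ] <object> [<path>]"
#   "<time> <pid> <object> ( <verdict> ) - warning"
#   "<time> <pid> <object> ( <verdict> ) - User select action: <action>"
HASH_RE = re.compile(r"^\S+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
WARN_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
ACTION_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str                  # service/driver name or device path as TDSSKiller prints it
    verdict: str               # e.g. "UnsignedFile.Multi.Generic" or "TDSS File System"
    md5: Optional[str] = None  # hash TDSSKiller logged for the object, if it printed one
    path: Optional[str] = None
    action: Optional[str] = None  # "Skip", "Delete", ... as chosen by the user


def is_heuristic(verdict: str) -> bool:
    """Assumption for this example: '*.Multi.Generic' verdicts (unsigned or locked
    file heuristics) are informational; anything else is treated as a real detection."""
    return verdict.endswith(".Multi.Generic")


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return one Finding per flagged object, joined to its hash/path and the user's action."""
    hashes: Dict[str, Tuple[str, Optional[str]]] = {}
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HASH_RE.match(line)
        if m:  # remember the hash line so a later warning can be tied to it
            hashes[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = WARN_RE.match(line)
        if m:
            md5, path = hashes.get(m["name"], (None, None))
            findings[m["name"]] = Finding(m["name"], m["verdict"], md5, path)
            continue
        m = ACTION_RE.match(line)
        if m and m["name"] in findings:
            findings[m["name"]].action = m["action"]
    return list(findings.values())


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split findings into real detections still pending, real detections acted on,
    and heuristic-only warnings."""
    report: Dict[str, List[str]] = {"needs_action": [], "handled": [], "heuristic_only": []}
    for f in findings:
        if is_heuristic(f.verdict):
            report["heuristic_only"].append(f.name)
        elif f.action and f.action.lower() != "skip":
            report["handled"].append(f.name)
        else:  # real detection that was skipped (or never acted on)
            report["needs_action"].append(f.name)
    return report


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.name:28} {f.verdict:28} md5={f.md5} action={f.action}")
    print(triage(found))
```

Run against the sample, `triage` reports the MBR object under `needs_action` and TrueSight under `heuristic_only`, which matches the advice in the reply above: the unsigned-driver warnings can be skipped, the TDSS File System entry cannot.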
#12
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
I did as you instructed and Windows Update ran 35 updates. I assume these had been the ones not run the past several days. However, it then continued to run the same 3 updates over and over again. Also, I re-ran Microsoft Security Essentials and Alureon is no longer showing up. So definite progress was made. Many thanks. Now if only the Windows Update program worked, it'd be 100%.

Edited by braddx, 21 September 2012 - 04:08 PM.


#13
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
Sorry, my mistake. The original scan I ran was Microsoft Scanner, not Microsoft Security Essentials. So I ran Scanner again and the 4 Alureon Trojans are still there. As before, the final result said they were partially removed but needed further manual removal. So, other than opening Windows Update temporarily, I'm still where I was when I started. The Scanner was a "full" scan and it took over 4 hours to complete.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the location of the detected files C:\TDSSKiller\quarantine ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#15
braddx

    Member

  • Topic Starter
  • Member
  • 27 posts
1. Yes, TDSSKiller/quarantine is found in the C: location.

2. I did not get an option to save Combofix to desktop. I sent it there afterwards from C:\COMBOFIX.TXT

3. ComboFix 12-09-22.02 - Owner 09/22/2012 7:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1354 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\bing.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\google.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\yahoo.ico
c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\system32\SET177.tmp
c:\windows\system32\SET179.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17F.tmp
c:\windows\system32\SET181.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET19B.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET204.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 04:45 . 2012-09-22 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2012-09-21 20:38 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-21 20:21 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-09-21 19:51 . 2012-09-21 19:51 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-09-21 19:51 . 2012-09-21 19:51 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedMaxPc
2012-09-21 19:51 . 2012-09-21 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-09-21 09:10 . 2012-09-21 09:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Secunia PSI
2012-09-21 09:10 . 2012-09-21 09:10 -------- d-----w- c:\program files\Secunia
2012-09-20 11:41 . 2012-09-20 11:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2012-09-20 11:40 . 2012-09-20 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-09-18 12:20 . 2012-09-18 12:20 -------- d-----w- c:\program files\Belarc
2012-09-17 01:47 . 2012-09-17 01:47 -------- d-----w- c:\documents and settings\Owner\.explorer.local
2012-09-17 01:47 . 2012-09-17 01:51 -------- d-----w- c:\documents and settings\Owner\.explorer.cache
2012-09-13 04:32 . 2012-09-13 04:32 -------- d-----w- c:\program files\Common Files\Java
2012-09-13 04:31 . 2012-09-13 04:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 04:30 . 2012-08-20 03:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 04:30 . 2012-02-16 06:18 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-13 04:30 . 2012-02-16 06:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2012-01-29 20:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 17:50 . 2012-04-12 17:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 17:50 . 2012-01-26 04:07 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2012-01-25 18:11 385024 ------w- c:\windows\system32\html.iec
2012-08-24 19:43 . 2011-07-11 06:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-01 09:00 . 2012-08-01 09:00 0 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-30 19:37 . 2012-07-30 19:40 4269368 ----a-w- c:\windows\uninst.exe
2012-07-26 07:21 . 2011-10-07 11:23 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2003-03-31 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-01-25 16:57 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2003-03-31 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-01 03:14 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-01 03:14 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 06:48 . 2012-09-07 06:47 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2003-03-31 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-07-01 296096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/23/2012 3:12 PM 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 4:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 4:46 AM 681056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 1:04 PM 250568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 5:27 AM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2/8/2012 8:49 PM 12984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31271016
*NewlyCreated* - 45290842
*NewlyCreated* - 77438555
*Deregistered* - 31271016
*Deregistered* - 45290842
*Deregistered* - 77438555
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:50]
.
2012-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1060284298-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1060284298-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-09-22 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-02-23 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mysearchresults.com/?c=2803&t=02
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1wqr5qnu.default\
FF - prefs.js: browser.search.selectedEngine - Search Here
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
SafeBoot-45290842.sys
MSConfigStartUp-CTFMON - (no file)
AddRemove-DefaultTab - c:\documents and settings\Owner\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-{037524F1-D279-4FD5-A5DE-19B241F4ED4E} - c:\documents and settings\All Users\Application Data\{0B4EECC2-B656-4BF8-9915-6F8B225BC43C}\UMPSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-22 07:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-22 07:20:54
ComboFix-quarantined-files.txt 2012-09-22 11:20
.
Pre-Run: 54,679,707,648 bytes free
Post-Run: 57,503,019,008 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 789A9184D8220CAA8E092B288C8258B6

4. The log notes "spooler is missing !!" Does this have anything to do with my printer? That was my next issue - printer isn't working and I got a window about "spooler". This was well before the current Alureon issue.