Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

virus PUP.my websearch [Solved]

Started by mnstrbuck , Sep 26 2012 03:15 AM

  • This topic is locked This topic is locked

#16
mnstrbuck
Posted 28 September 2012 - 10:07 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
ComboFix 12-09-27.03 - user 09/28/2012 10:58:12.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1200 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\wilane.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 14:34 . 2012-09-28 14:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C343A6BD-9718-48E1-8CAA-4D14B0F5E9EE}\MpKsl0669fff0.sys
2012-09-28 13:42 . 2012-09-28 13:42 -------- d-----w- C:\_OTL
2012-09-27 16:08 . 2012-09-19 05:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C343A6BD-9718-48E1-8CAA-4D14B0F5E9EE}\mpengine.dll
2012-09-27 16:06 . 2012-09-27 16:06 -------- d-----w- c:\program files\ERUNT
2012-09-23 13:48 . 2012-09-23 03:50 172464 ----a-w- c:\program files\4zres.dll
2012-09-23 13:38 . 2012-09-23 13:47 -------- d-----w- c:\documents and settings\user\Application Data\FreeFileViewer
2012-09-23 13:34 . 2012-09-23 13:35 -------- d-----w- c:\program files\FreeFileViewer
2012-09-23 13:34 . 2012-09-23 13:34 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Wajam
2012-09-23 13:34 . 2012-09-23 13:50 -------- d-----w- c:\program files\Yontoo
2012-09-22 02:42 . 2012-09-19 05:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-22 02:40 . 2012-09-22 02:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-22 02:30 . 2012-09-22 02:30 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Microsoft_Corporation
2012-09-21 17:49 . 2012-09-21 17:49 -------- d-----w- c:\program files\Common Files\Java
2012-09-21 17:48 . 2012-09-21 17:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 17:30 . 2012-09-21 17:30 -------- d-----w- c:\program files\iPod
2012-09-21 17:30 . 2012-09-21 17:31 -------- d-----w- c:\program files\iTunes
2012-09-21 17:30 . 2012-09-21 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-05 21:20 . 2012-09-05 21:20 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 17:53 . 2012-05-05 19:14 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 17:53 . 2011-12-24 13:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 17:48 . 2012-06-26 15:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 17:48 . 2010-05-24 01:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 17:48 . 2010-05-24 01:27 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-21 18:01 . 2009-06-30 17:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2009-06-30 17:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 18:42 . 2011-04-05 20:05 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2011-04-05 20:05 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-06-11 04:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 21:15 61440 ----a-w- c:\windows\VM305_STI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 23:00 138096 ----atw- c:\documents and settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-08-09 22:02 1176064 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 09:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 22:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
R1 MpKsl0669fff0;MpKsl0669fff0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C343A6BD-9718-48E1-8CAA-4D14B0F5E9EE}\MpKsl0669fff0.sys [9/28/2012 9:34 AM 29904]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 2:14 PM 250288]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [12/26/2009 9:49 PM 392316]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0669FFF0
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 17:53]
.
2012-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147018087-1004Core.job
- c:\documents and settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-29 23:00]
.
2012-09-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147018087-1004UA.job
- c:\documents and settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-29 23:00]
.
2012-09-28 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-23 20:24]
.
2012-09-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-09-28 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-03 19:22]
.
2012-09-27 c:\windows\Tasks\User_Feed_Synchronization-{B2BBBCDF-5101-4452-94CE-E6914C9DD56C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=CA&userid=9dcec610-e116-44f8-95e2-f846af83532d&searchtype=ds&q={searchTerms}
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: yahoo.com\ca
Trusted Zone: yahoo.com\ca.news
TCP: DhcpNameServer = 192.168.100.254 142.161.130.155
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-28 11:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-28 11:03:38
ComboFix-quarantined-files.txt 2012-09-28 16:03
.
Pre-Run: 51,646,046,208 bytes free
Post-Run: 51,685,908,480 bytes free
.
- - End Of File - - 0D46517018D018AAE9FC8795B3AEF303
  • 0

Advertisements

#17
mnstrbuck
Posted 28 September 2012 - 10:08 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
add/remove log

3DVIA player 5.0
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Age of Empires Online
AMD Catalyst Install Manager
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Bejeweled 3
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
ERUNT 1.1j
Facebook Video Calling 1.2.0.159
File Type Assistant
FileHippo.com Update Checker
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.5
Free File Viewer 2012
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Plugin
Image Resizer Powertoy for Windows XP
InstallIQ Updater
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 30
JavaFX 2.1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II Trial Version
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Plants vs. Zombies
PokerStars
PokerStars.net
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skins
Spelling Dictionaries Support For Adobe Reader 9
swMSM
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VIMICRO USB PC Camera V
vShare Plugin
WebFldrs XP
WhiteSmokeTranslator
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
World of Warcraft
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
  • 0

#18
mnstrbuck
Posted 28 September 2012 - 10:09 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
FSS log

Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 28-09-2012 at 11:08:41
Running from "C:\Documents and Settings\user\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) irda(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#19
Dakeyras
Posted 29 September 2012 - 04:32 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Going back to this you mentioned prior:-

Can we try ? to get to where I can get all my stuff off of it such as pictures and my personal stuff then get it reformatted

We have now got your machine to the stage were this can be safely done...

Or we can continue the malware removal process, the choice is yours and I will respect whatever course of action/decision you make.
  • 0

#20
mnstrbuck
Posted 29 September 2012 - 08:29 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
continue please
  • 0

#21
Dakeyras
Posted 29 September 2012 - 09:58 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

continue please

Acknowledged.

Next:

  • Click on Start >> Run...(or launch the Run Box via depressing both the Windows key and R together).
    Cut and paste in the following:-
services.msc

  • Click on OK >> the Services window should now appear.
  • Locate then right-click on Automatic Updates and select Properties.
  • On the General tab, next to Startup type:, ensure that Automatic is selected(if it is not) >> click on Apply then OK.
Still in the Services window, set the following to Automatic also:-

Background Intelligent Transfer Service

Windows Firewall/Internet Connection Sharing (ICS)

Wireless Zero Configuration

Close the Services window. Then reboot(restart) the machine. <-- Ensure you do restart.

Re-scan with FSS:

Delete the current version of FSS.txt(if still present), then empty the Recycle Bin.

  • Double-click on FSS.exe to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

  • 0

#22
mnstrbuck
Posted 29 September 2012 - 10:43 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 29-09-2012 at 11:46:15
Running from "C:\Documents and Settings\user\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) irda(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#23
Dakeyras
Posted 30 September 2012 - 02:55 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Did you encounter any problems checking the Services/changing the status as I advised in post #21 ?

Reason asking is they appear to be still not working as should....
  • 0

#24
mnstrbuck
Posted 30 September 2012 - 07:45 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Is there other names that the items you wanted me to check off automatic?
I ran another fss scan here's the log






Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 30-09-2012 at 08:42:28
Running from "C:\Documents and Settings\user\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) irda(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#25
Dakeyras
Posted 30 September 2012 - 01:39 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Is there other names that the items you wanted me to check off automatic?
I ran another fss scan here's the log

All appears as should now, so no further action is needed with regard to that.

Java Advice:

There has been a recent severe exploration of this software, further information can be read here. The aforementioned article will also explain on how to disable the plugins, though my friendly advice would be to uninstall if you do not use anything Java related. If however you do opt to keep Java installed do uninstall this out of date version:-

Java™ 6 Update 30 and this also if you do not use it, JavaFX 2.1.1.

The other version installed is the most recent.

MSConfig Advice:

Personally I do not think it wise to use the System Configuration Utility unless you know exactly what your are doing as otherwise serious problems may arise.

I advise you consider this application to use instead, it will also provide a extra layer of system protection via its monitoring activities.

WinPatrol:

Download it from here

You can find information about how WinPatrol works here

Note: Do not download/install just yet as it may hinder the malware removal process but by all means do so when I give the all clear if you so wish.

Custom ComboFix-Script:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKEY_CLASSES_ROOT\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[-HKEY_CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[-HKEY_CLASSES_ROOT\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caustion: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Malwarebytes Anti-Malware:

It appears it may no longer be installed, if this is the case merely redownload and install from here.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double-click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signitures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start > My Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • New ComboFix Log.
  • Malwarebytes Anti-Malware Log.
  • TDSSKiller Log.
Note: Post all requested logs separately if the need...
  • 0

Advertisements

#26
mnstrbuck
Posted 30 September 2012 - 02:59 PM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
combofix log

ComboFix 12-09-30.01 - user 09/30/2012 15:44:49.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1202 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 17:21 . 2012-09-30 17:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CE17BAA-06DE-42D2-B1F2-8D9DB2083DB0}\offreg.dll
2012-09-30 13:51 . 2012-09-19 05:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CE17BAA-06DE-42D2-B1F2-8D9DB2083DB0}\mpengine.dll
2012-09-28 16:18 . 2012-09-19 05:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-28 13:42 . 2012-09-28 13:42 -------- d-----w- C:\_OTL
2012-09-27 16:06 . 2012-09-27 16:06 -------- d-----w- c:\program files\ERUNT
2012-09-23 13:48 . 2012-09-23 03:50 172464 ----a-w- c:\program files\4zres.dll
2012-09-23 13:38 . 2012-09-23 13:47 -------- d-----w- c:\documents and settings\user\Application Data\FreeFileViewer
2012-09-23 13:34 . 2012-09-23 13:35 -------- d-----w- c:\program files\FreeFileViewer
2012-09-23 13:34 . 2012-09-23 13:34 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Wajam
2012-09-23 13:34 . 2012-09-23 13:50 -------- d-----w- c:\program files\Yontoo
2012-09-22 02:40 . 2012-09-22 02:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-22 02:30 . 2012-09-22 02:30 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Microsoft_Corporation
2012-09-21 17:49 . 2012-09-21 17:49 -------- d-----w- c:\program files\Common Files\Java
2012-09-21 17:48 . 2012-09-21 17:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 17:30 . 2012-09-21 17:30 -------- d-----w- c:\program files\iPod
2012-09-21 17:30 . 2012-09-21 17:31 -------- d-----w- c:\program files\iTunes
2012-09-21 17:30 . 2012-09-21 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-05 21:20 . 2012-09-05 21:20 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 17:53 . 2012-05-05 19:14 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 17:53 . 2011-12-24 13:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 17:48 . 2012-06-26 15:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 17:48 . 2010-05-24 01:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 17:48 . 2010-05-24 01:27 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-21 18:01 . 2009-06-30 17:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2009-06-30 17:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 18:42 . 2011-04-05 20:05 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2011-04-05 20:05 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-06-11 04:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 2:14 PM 250288]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [12/26/2009 9:49 PM 392316]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 17:53]
.
2012-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147018087-1004Core.job
- c:\documents and settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-29 23:00]
.
2012-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147018087-1004UA.job
- c:\documents and settings\user\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-29 23:00]
.
2012-09-30 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-23 20:24]
.
2012-09-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-09-30 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-03 19:22]
.
2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{B2BBBCDF-5101-4452-94CE-E6914C9DD56C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=CA&userid=9dcec610-e116-44f8-95e2-f846af83532d&searchtype=ds&q={searchTerms}
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: yahoo.com\ca
Trusted Zone: yahoo.com\ca.news
TCP: DhcpNameServer = 192.168.100.254 142.161.130.155
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-30 15:52:01
ComboFix-quarantined-files.txt 2012-09-30 20:51
ComboFix2.txt 2012-09-28 16:03
.
Pre-Run: 51,728,109,568 bytes free
Post-Run: 51,791,347,712 bytes free
.
- - End Of File - - D1E3DC8EFEB6268F3F4614FBCF27F151
  • 0

#27
mnstrbuck
Posted 30 September 2012 - 03:00 PM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
mbam log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-04C1162F33 [administrator]

9/30/2012 3:58:13 PM
mbam-log-2012-09-30 (15-58-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213142
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#28
mnstrbuck
Posted 30 September 2012 - 03:08 PM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
tdsskiller log

16:07:39.0359 4044 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:07:39.0718 4044 ============================================================
16:07:39.0718 4044 Current date / time: 2012/09/30 16:07:39.0718
16:07:39.0718 4044 SystemInfo:
16:07:39.0718 4044
16:07:39.0718 4044 OS Version: 5.1.2600 ServicePack: 3.0
16:07:39.0718 4044 Product type: Workstation
16:07:39.0718 4044 ComputerName: USER-04C1162F33
16:07:39.0718 4044 UserName: user
16:07:39.0718 4044 Windows directory: C:\WINDOWS
16:07:39.0718 4044 System windows directory: C:\WINDOWS
16:07:39.0718 4044 Processor architecture: Intel x86
16:07:39.0718 4044 Number of processors: 2
16:07:39.0718 4044 Page size: 0x1000
16:07:39.0718 4044 Boot type: Normal boot
16:07:39.0718 4044 ============================================================
16:07:40.0890 4044 Drive \Device\Harddisk0\DR0 - Size: 0x2540ADBE00 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:07:40.0906 4044 ============================================================
16:07:40.0906 4044 \Device\Harddisk0\DR0:
16:07:40.0906 4044 MBR partitions:
16:07:40.0906 4044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
16:07:40.0906 4044 ============================================================
16:07:40.0937 4044 C: <-> \Device\Harddisk0\DR0\Partition1
16:07:40.0937 4044 ============================================================
16:07:40.0937 4044 Initialize success
16:07:40.0937 4044 ============================================================
16:08:16.0046 2136 ============================================================
16:08:16.0046 2136 Scan started
16:08:16.0046 2136 Mode: Manual; SigCheck; TDLFS;
16:08:16.0046 2136 ============================================================
16:08:16.0765 2136 ================ Scan system memory ========================
16:08:16.0765 2136 System memory - ok
16:08:16.0765 2136 ================ Scan services =============================
16:08:16.0859 2136 Abiosdsk - ok
16:08:16.0859 2136 abp480n5 - ok
16:08:16.0906 2136 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:08:17.0390 2136 ACPI - ok
16:08:17.0421 2136 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:08:17.0515 2136 ACPIEC - ok
16:08:17.0593 2136 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:08:17.0609 2136 AdobeFlashPlayerUpdateSvc - ok
16:08:17.0609 2136 adpu160m - ok
16:08:17.0656 2136 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:08:17.0765 2136 aec - ok
16:08:17.0796 2136 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:08:17.0859 2136 AFD - ok
16:08:17.0859 2136 Aha154x - ok
16:08:17.0859 2136 aic78u2 - ok
16:08:17.0859 2136 aic78xx - ok
16:08:17.0890 2136 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:08:17.0968 2136 Alerter - ok
16:08:17.0984 2136 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:08:18.0015 2136 ALG - ok
16:08:18.0031 2136 AliIde - ok
16:08:18.0031 2136 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:08:18.0062 2136 AmdPPM - ok
16:08:18.0062 2136 amsint - ok
16:08:18.0140 2136 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:08:18.0156 2136 Apple Mobile Device - ok
16:08:18.0156 2136 AppMgmt - ok
16:08:18.0156 2136 asc - ok
16:08:18.0171 2136 asc3350p - ok
16:08:18.0171 2136 asc3550 - ok
16:08:18.0234 2136 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:08:18.0250 2136 aspnet_state - ok
16:08:18.0296 2136 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:08:18.0390 2136 AsyncMac - ok
16:08:18.0437 2136 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:08:18.0515 2136 atapi - ok
16:08:18.0515 2136 Atdisk - ok
16:08:18.0578 2136 [ ECA673779ECD27D674953D692FE070F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:08:18.0625 2136 Ati HotKey Poller - ok
16:08:18.0656 2136 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
16:08:18.0703 2136 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
16:08:18.0703 2136 ATI Smart - detected UnsignedFile.Multi.Generic (1)
16:08:18.0812 2136 [ 15B2FE76E2ECEB98C49ED52311A6F26F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:08:18.0968 2136 ati2mtag - ok
16:08:19.0015 2136 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:08:19.0093 2136 Atmarpc - ok
16:08:19.0125 2136 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:08:19.0234 2136 AudioSrv - ok
16:08:19.0265 2136 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:08:19.0343 2136 audstub - ok
16:08:19.0375 2136 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:08:19.0468 2136 Beep - ok
16:08:19.0515 2136 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:08:19.0625 2136 BITS - ok
16:08:19.0703 2136 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:08:19.0718 2136 Bonjour Service - ok
16:08:19.0765 2136 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:08:19.0828 2136 Browser - ok
16:08:19.0984 2136 catchme - ok
16:08:20.0031 2136 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:08:20.0140 2136 cbidf2k - ok
16:08:20.0171 2136 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:08:20.0250 2136 CCDECODE - ok
16:08:20.0250 2136 cd20xrnt - ok
16:08:20.0281 2136 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:08:20.0359 2136 Cdaudio - ok
16:08:20.0406 2136 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:08:20.0500 2136 Cdfs - ok
16:08:20.0531 2136 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:08:20.0640 2136 Cdrom - ok
16:08:20.0640 2136 Changer - ok
16:08:20.0671 2136 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:08:20.0750 2136 CiSvc - ok
16:08:20.0781 2136 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:08:20.0890 2136 ClipSrv - ok
16:08:20.0890 2136 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:08:20.0906 2136 clr_optimization_v2.0.50727_32 - ok
16:08:20.0968 2136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:08:20.0984 2136 clr_optimization_v4.0.30319_32 - ok
16:08:20.0984 2136 CmdIde - ok
16:08:20.0984 2136 COMSysApp - ok
16:08:21.0000 2136 Cpqarray - ok
16:08:21.0015 2136 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:08:21.0109 2136 CryptSvc - ok
16:08:21.0109 2136 dac2w2k - ok
16:08:21.0109 2136 dac960nt - ok
16:08:21.0156 2136 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:08:21.0203 2136 DcomLaunch - ok
16:08:21.0218 2136 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:08:21.0312 2136 Dhcp - ok
16:08:21.0343 2136 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:08:21.0453 2136 Disk - ok
16:08:21.0453 2136 dmadmin - ok
16:08:21.0515 2136 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:08:21.0625 2136 dmboot - ok
16:08:21.0656 2136 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:08:21.0750 2136 dmio - ok
16:08:21.0765 2136 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:08:21.0859 2136 dmload - ok
16:08:21.0859 2136 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:08:21.0953 2136 dmserver - ok
16:08:21.0984 2136 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:08:22.0093 2136 DMusic - ok
16:08:22.0140 2136 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:08:22.0203 2136 Dnscache - ok
16:08:22.0218 2136 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:08:22.0296 2136 Dot3svc - ok
16:08:22.0312 2136 dpti2o - ok
16:08:22.0328 2136 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:08:22.0406 2136 drmkaud - ok
16:08:22.0437 2136 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:08:22.0515 2136 EapHost - ok
16:08:22.0546 2136 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:08:22.0625 2136 ERSvc - ok
16:08:22.0656 2136 esgiguard - ok
16:08:22.0687 2136 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:08:22.0703 2136 Eventlog - ok
16:08:22.0750 2136 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:08:22.0781 2136 EventSystem - ok
16:08:22.0812 2136 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:08:22.0921 2136 Fastfat - ok
16:08:22.0984 2136 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:08:23.0031 2136 FastUserSwitchingCompatibility - ok
16:08:23.0046 2136 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:08:23.0156 2136 Fdc - ok
16:08:23.0187 2136 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:08:23.0281 2136 Fips - ok
16:08:23.0312 2136 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:08:23.0406 2136 Flpydisk - ok
16:08:23.0453 2136 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:08:23.0546 2136 FltMgr - ok
16:08:23.0625 2136 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:08:23.0640 2136 FontCache3.0.0.0 - ok
16:08:23.0640 2136 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:08:23.0734 2136 Fs_Rec - ok
16:08:23.0734 2136 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:08:23.0812 2136 Ftdisk - ok
16:08:23.0843 2136 [ C6E3105B8C68C35CC1EB26A00FD1A8C6 ] gdrv C:\WINDOWS\gdrv.sys
16:08:23.0906 2136 gdrv - ok
16:08:23.0953 2136 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:08:23.0968 2136 GEARAspiWDM - ok
16:08:23.0968 2136 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:08:24.0078 2136 Gpc - ok
16:08:24.0109 2136 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:08:24.0187 2136 HDAudBus - ok
16:08:24.0250 2136 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:08:24.0359 2136 helpsvc - ok
16:08:24.0359 2136 HidServ - ok
16:08:24.0390 2136 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:08:24.0484 2136 hidusb - ok
16:08:24.0500 2136 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:08:24.0593 2136 hkmsvc - ok
16:08:24.0593 2136 hpn - ok
16:08:24.0656 2136 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:08:24.0703 2136 HPZius12 - ok
16:08:24.0734 2136 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:08:24.0765 2136 HTTP - ok
16:08:24.0781 2136 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:08:24.0875 2136 HTTPFilter - ok
16:08:24.0890 2136 i2omgmt - ok
16:08:24.0890 2136 i2omp - ok
16:08:24.0906 2136 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:08:25.0000 2136 i8042prt - ok
16:08:25.0062 2136 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:08:25.0093 2136 idsvc - ok
16:08:25.0140 2136 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:08:25.0234 2136 Imapi - ok
16:08:25.0281 2136 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:08:25.0359 2136 ImapiService - ok
16:08:25.0359 2136 ini910u - ok
16:08:25.0546 2136 [ 2FEB5BF0312E1CB76CD2CAA875CBAA5D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:08:25.0750 2136 IntcAzAudAddService - ok
16:08:25.0765 2136 IntelIde - ok
16:08:25.0843 2136 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:08:25.0937 2136 Ip6Fw - ok
16:08:26.0000 2136 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:08:26.0078 2136 IpFilterDriver - ok
16:08:26.0078 2136 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:08:26.0156 2136 IpInIp - ok
16:08:26.0171 2136 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:08:26.0281 2136 IpNat - ok
16:08:26.0359 2136 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:08:26.0390 2136 iPod Service - ok
16:08:26.0437 2136 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:08:26.0546 2136 IPSec - ok
16:08:26.0593 2136 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
16:08:26.0718 2136 irda - ok
16:08:26.0750 2136 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:08:26.0796 2136 IRENUM - ok
16:08:26.0843 2136 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
16:08:26.0859 2136 Irmon - ok
16:08:26.0875 2136 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
16:08:26.0921 2136 irsir - ok
16:08:26.0937 2136 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:08:27.0046 2136 isapnp - ok
16:08:27.0218 2136 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:08:27.0218 2136 JavaQuickStarterService - ok
16:08:27.0265 2136 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:08:27.0375 2136 Kbdclass - ok
16:08:27.0437 2136 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:08:27.0562 2136 kbdhid - ok
16:08:27.0593 2136 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:08:27.0703 2136 kmixer - ok
16:08:27.0750 2136 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:08:27.0796 2136 KSecDD - ok
16:08:27.0843 2136 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:08:27.0875 2136 LanmanServer - ok
16:08:27.0921 2136 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:08:27.0968 2136 lanmanworkstation - ok
16:08:27.0984 2136 lbrtfdc - ok
16:08:28.0015 2136 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:08:28.0109 2136 LmHosts - ok
16:08:28.0140 2136 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:08:28.0218 2136 Messenger - ok
16:08:28.0265 2136 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:08:28.0359 2136 mnmdd - ok
16:08:28.0390 2136 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:08:28.0484 2136 mnmsrvc - ok
16:08:28.0484 2136 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:08:28.0578 2136 Modem - ok
16:08:28.0625 2136 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:08:28.0703 2136 Mouclass - ok
16:08:28.0718 2136 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:08:28.0796 2136 mouhid - ok
16:08:28.0843 2136 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:08:28.0921 2136 MountMgr - ok
16:08:28.0953 2136 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:08:28.0968 2136 MpFilter - ok
16:08:28.0968 2136 mraid35x - ok
16:08:28.0968 2136 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:08:29.0046 2136 MRxDAV - ok
16:08:29.0093 2136 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:08:29.0156 2136 MRxSmb - ok
16:08:29.0218 2136 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:08:29.0312 2136 MSDTC - ok
16:08:29.0328 2136 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:08:29.0406 2136 Msfs - ok
16:08:29.0406 2136 MSIServer - ok
16:08:29.0453 2136 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:08:29.0531 2136 MSKSSRV - ok
16:08:29.0609 2136 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:08:29.0625 2136 MsMpSvc - ok
16:08:29.0625 2136 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:08:29.0734 2136 MSPCLOCK - ok
16:08:29.0734 2136 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:08:29.0812 2136 MSPQM - ok
16:08:29.0859 2136 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:08:29.0937 2136 mssmbios - ok
16:08:29.0968 2136 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:08:30.0062 2136 MSTEE - ok
16:08:30.0093 2136 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:08:30.0125 2136 Mup - ok
16:08:30.0125 2136 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:08:30.0218 2136 NABTSFEC - ok
16:08:30.0250 2136 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:08:30.0328 2136 napagent - ok
16:08:30.0359 2136 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:08:30.0437 2136 NDIS - ok
16:08:30.0437 2136 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:08:30.0546 2136 NdisIP - ok
16:08:30.0578 2136 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:08:30.0593 2136 NdisTapi - ok
16:08:30.0640 2136 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:08:30.0750 2136 Ndisuio - ok
16:08:30.0781 2136 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:08:30.0875 2136 NdisWan - ok
16:08:30.0921 2136 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:08:30.0937 2136 NDProxy - ok
16:08:30.0953 2136 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:08:31.0046 2136 NetBIOS - ok
16:08:31.0062 2136 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:08:31.0140 2136 NetBT - ok
16:08:31.0171 2136 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:08:31.0265 2136 NetDDE - ok
16:08:31.0265 2136 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:08:31.0359 2136 NetDDEdsdm - ok
16:08:31.0390 2136 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:08:31.0468 2136 Netlogon - ok
16:08:31.0515 2136 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:08:31.0609 2136 Netman - ok
16:08:31.0640 2136 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:31.0656 2136 NetTcpPortSharing - ok
16:08:31.0687 2136 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:08:31.0703 2136 Nla - ok
16:08:31.0703 2136 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:08:31.0812 2136 Npfs - ok
16:08:31.0859 2136 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:08:31.0968 2136 Ntfs - ok
16:08:31.0984 2136 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:08:32.0062 2136 NtLmSsp - ok
16:08:32.0109 2136 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:08:32.0187 2136 NtmsSvc - ok
16:08:32.0203 2136 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:08:32.0281 2136 Null - ok
16:08:32.0328 2136 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:08:32.0421 2136 NwlnkFlt - ok
16:08:32.0421 2136 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:08:32.0515 2136 NwlnkFwd - ok
16:08:32.0546 2136 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:08:32.0781 2136 Parport - ok
16:08:32.0796 2136 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:08:32.0890 2136 PartMgr - ok
16:08:32.0921 2136 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:08:33.0000 2136 ParVdm - ok
16:08:33.0015 2136 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:08:33.0109 2136 PCI - ok
16:08:33.0109 2136 PCIDump - ok
16:08:33.0109 2136 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:08:33.0187 2136 PCIIde - ok
16:08:33.0234 2136 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:08:33.0328 2136 Pcmcia - ok
16:08:33.0328 2136 PDCOMP - ok
16:08:33.0328 2136 PDFRAME - ok
16:08:33.0328 2136 PDRELI - ok
16:08:33.0328 2136 PDRFRAME - ok
16:08:33.0328 2136 perc2 - ok
16:08:33.0343 2136 perc2hib - ok
16:08:33.0359 2136 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:08:33.0375 2136 PlugPlay - ok
16:08:33.0375 2136 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:08:33.0468 2136 PolicyAgent - ok
16:08:33.0468 2136 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:08:33.0546 2136 PptpMiniport - ok
16:08:33.0593 2136 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:08:33.0687 2136 Processor - ok
16:08:33.0687 2136 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:08:33.0765 2136 ProtectedStorage - ok
16:08:33.0781 2136 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:08:33.0875 2136 PSched - ok
16:08:33.0875 2136 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:08:33.0953 2136 Ptilink - ok
16:08:33.0968 2136 ql1080 - ok
16:08:33.0968 2136 Ql10wnt - ok
16:08:33.0968 2136 ql12160 - ok
16:08:33.0968 2136 ql1240 - ok
16:08:33.0968 2136 ql1280 - ok
16:08:34.0000 2136 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:08:34.0078 2136 RasAcd - ok
16:08:34.0109 2136 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:08:34.0187 2136 RasAuto - ok
16:08:34.0234 2136 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:08:34.0281 2136 Rasirda - ok
16:08:34.0281 2136 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:08:34.0375 2136 Rasl2tp - ok
16:08:34.0406 2136 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:08:34.0484 2136 RasMan - ok
16:08:34.0484 2136 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:08:34.0578 2136 RasPppoe - ok
16:08:34.0578 2136 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:08:34.0671 2136 Raspti - ok
16:08:34.0687 2136 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:08:34.0765 2136 Rdbss - ok
16:08:34.0765 2136 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:08:34.0859 2136 RDPCDD - ok
16:08:34.0906 2136 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:08:34.0953 2136 RDPWD - ok
16:08:34.0984 2136 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:08:35.0078 2136 RDSessMgr - ok
16:08:35.0093 2136 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:08:35.0187 2136 redbook - ok
16:08:35.0203 2136 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:08:35.0281 2136 RemoteAccess - ok
16:08:35.0296 2136 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:08:35.0390 2136 RpcLocator - ok
16:08:35.0421 2136 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:08:35.0437 2136 RpcSs - ok
16:08:35.0484 2136 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:08:35.0562 2136 RSVP - ok
16:08:35.0609 2136 [ B1A055F3B4CF2A60ADA63009F157126C ] RT61 C:\WINDOWS\system32\DRIVERS\RT61.sys
16:08:35.0656 2136 RT61 - ok
16:08:35.0687 2136 [ 6EBFBBF24FED8285928B825A46618F8A ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:08:35.0734 2136 RTLE8023xp - ok
16:08:35.0765 2136 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:08:35.0843 2136 SamSs - ok
16:08:35.0890 2136 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:08:36.0000 2136 SCardSvr - ok
16:08:36.0046 2136 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:08:36.0125 2136 Schedule - ok
16:08:36.0140 2136 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:08:36.0187 2136 Secdrv - ok
16:08:36.0218 2136 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:08:36.0328 2136 seclogon - ok
16:08:36.0328 2136 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:08:36.0406 2136 SENS - ok
16:08:36.0437 2136 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:08:36.0515 2136 serenum - ok
16:08:36.0515 2136 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:08:36.0625 2136 Serial - ok
16:08:36.0656 2136 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:08:36.0734 2136 Sfloppy - ok
16:08:36.0750 2136 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:08:36.0828 2136 SharedAccess - ok
16:08:36.0859 2136 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:08:36.0875 2136 ShellHWDetection - ok
16:08:36.0875 2136 Simbad - ok
16:08:36.0906 2136 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:08:36.0984 2136 SLIP - ok
16:08:37.0015 2136 Sparrow - ok
16:08:37.0046 2136 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:08:37.0156 2136 splitter - ok
16:08:37.0203 2136 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:08:37.0234 2136 Spooler - ok
16:08:37.0281 2136 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:08:37.0312 2136 sr - ok
16:08:37.0343 2136 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:08:37.0375 2136 srservice - ok
16:08:37.0437 2136 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:08:37.0468 2136 Srv - ok
16:08:37.0515 2136 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:08:37.0546 2136 SSDPSRV - ok
16:08:37.0593 2136 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:08:37.0656 2136 StillCam - ok
16:08:37.0687 2136 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:08:37.0781 2136 stisvc - ok
16:08:37.0796 2136 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:08:37.0890 2136 streamip - ok
16:08:37.0890 2136 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:08:37.0968 2136 swenum - ok
16:08:38.0000 2136 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:08:38.0093 2136 swmidi - ok
16:08:38.0093 2136 SwPrv - ok
16:08:38.0109 2136 symc810 - ok
16:08:38.0109 2136 symc8xx - ok
16:08:38.0109 2136 sym_hi - ok
16:08:38.0109 2136 sym_u3 - ok
16:08:38.0140 2136 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:08:38.0234 2136 sysaudio - ok
16:08:38.0250 2136 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:08:38.0328 2136 SysmonLog - ok
16:08:38.0343 2136 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:08:38.0437 2136 TapiSrv - ok
16:08:38.0484 2136 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:08:38.0515 2136 Tcpip - ok
16:08:38.0546 2136 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:08:38.0640 2136 TDPIPE - ok
16:08:38.0656 2136 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:08:38.0734 2136 TDTCP - ok
16:08:38.0765 2136 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:08:38.0859 2136 TermDD - ok
16:08:38.0875 2136 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:08:38.0953 2136 TermService - ok
16:08:38.0984 2136 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:08:38.0984 2136 Themes - ok
16:08:39.0000 2136 TosIde - ok
16:08:39.0015 2136 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:08:39.0109 2136 TrkWks - ok
16:08:39.0125 2136 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:08:39.0218 2136 Udfs - ok
16:08:39.0218 2136 ultra - ok
16:08:39.0265 2136 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:08:39.0375 2136 Update - ok
16:08:39.0406 2136 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:08:39.0437 2136 upnphost - ok
16:08:39.0453 2136 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:08:39.0531 2136 UPS - ok
16:08:39.0578 2136 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:08:39.0609 2136 USBAAPL - ok
16:08:39.0640 2136 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:08:39.0734 2136 usbaudio - ok
16:08:39.0765 2136 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:08:39.0843 2136 usbccgp - ok
16:08:39.0859 2136 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:08:39.0953 2136 usbehci - ok
16:08:39.0984 2136 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:08:40.0062 2136 usbhub - ok
16:08:40.0078 2136 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:08:40.0187 2136 usbohci - ok
16:08:40.0203 2136 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:08:40.0296 2136 usbprint - ok
16:08:40.0328 2136 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:08:40.0406 2136 usbscan - ok
16:08:40.0453 2136 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:08:40.0546 2136 usbstor - ok
16:08:40.0578 2136 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:08:40.0656 2136 VgaSave - ok
16:08:40.0656 2136 ViaIde - ok
16:08:40.0703 2136 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:08:40.0781 2136 VolSnap - ok
16:08:40.0843 2136 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:08:40.0875 2136 VSS - ok
16:08:40.0937 2136 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:08:41.0031 2136 W32Time - ok
16:08:41.0046 2136 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:08:41.0156 2136 Wanarp - ok
16:08:41.0156 2136 WDICA - ok
16:08:41.0187 2136 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:08:41.0281 2136 wdmaud - ok
16:08:41.0312 2136 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:08:41.0406 2136 WebClient - ok
16:08:41.0484 2136 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:08:41.0578 2136 winmgmt - ok
16:08:41.0640 2136 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:08:41.0687 2136 WinRM - ok
16:08:41.0796 2136 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:08:41.0859 2136 wlidsvc - ok
16:08:41.0875 2136 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:08:41.0906 2136 WmdmPmSN - ok
16:08:41.0937 2136 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:08:42.0046 2136 WmiApSrv - ok
16:08:42.0140 2136 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:08:42.0171 2136 WMPNetworkSvc - ok
16:08:42.0187 2136 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:08:42.0203 2136 WpdUsb - ok
16:08:42.0296 2136 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:08:42.0328 2136 WPFFontCache_v0400 - ok
16:08:42.0390 2136 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:08:42.0484 2136 WS2IFSL - ok
16:08:42.0515 2136 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:08:42.0609 2136 wscsvc - ok
16:08:42.0609 2136 WSearch - ok
16:08:42.0640 2136 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:08:42.0718 2136 WSTCODEC - ok
16:08:42.0750 2136 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:08:42.0828 2136 wuauserv - ok
16:08:42.0875 2136 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:08:42.0906 2136 WudfPf - ok
16:08:42.0921 2136 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:08:42.0921 2136 WudfRd - ok
16:08:42.0953 2136 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:08:42.0953 2136 WudfSvc - ok
16:08:43.0015 2136 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:08:43.0125 2136 WZCSVC - ok
16:08:43.0156 2136 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:08:43.0234 2136 xmlprov - ok
16:08:43.0312 2136 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:08:43.0328 2136 YahooAUService - ok
16:08:43.0375 2136 [ 9371F602DA4B3CE34E519CB3E81E89C8 ] ZSMC0305 C:\WINDOWS\system32\Drivers\usbVM305.sys
16:08:43.0390 2136 ZSMC0305 ( UnsignedFile.Multi.Generic ) - warning
16:08:43.0390 2136 ZSMC0305 - detected UnsignedFile.Multi.Generic (1)
16:08:43.0406 2136 ================ Scan global ===============================
16:08:43.0437 2136 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:08:43.0484 2136 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:08:43.0500 2136 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:08:43.0500 2136 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:08:43.0500 2136 [Global] - ok
16:08:43.0500 2136 ================ Scan MBR ==================================
16:08:43.0531 2136 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:08:43.0765 2136 \Device\Harddisk0\DR0 - ok
16:08:43.0765 2136 ================ Scan VBR ==================================
16:08:43.0765 2136 [ E934D1DD57DD3FBBE56DCD897CFFCAFE ] \Device\Harddisk0\DR0\Partition1
16:08:43.0765 2136 \Device\Harddisk0\DR0\Partition1 - ok
16:08:43.0765 2136 ============================================================
16:08:43.0765 2136 Scan finished
16:08:43.0765 2136 ============================================================
16:08:43.0875 3880 Detected object count: 2
16:08:43.0875 3880 Actual detected object count: 2
16:09:13.0062 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:13.0062 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:13.0062 3880 ZSMC0305 ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:13.0062 3880 ZSMC0305 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:10:09.0343 2372 Deinitialize success
  • 0

#29
Dakeyras
Posted 01 October 2012 - 02:52 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Could you please provide a response to this in your next reply:-

How is your computer performing now, any further symptoms and or problems encountered?

That way I will be better able to assist you, thank you.

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and click on OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your desktop. Please post the contents of this file.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Double click on adwcleaner.exe to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like R1.
  • 0

#30
mnstrbuck
Posted 01 October 2012 - 07:31 AM

mnstrbuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry for not giving an update on how my computer is running, it is running alot better everytime we do a fix, it will stream videos now and it is running smooth

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

156240125 KB total disk space.
105499860 KB in 87670 files.
40588 KB in 12533 indexes.
4 KB in bad sectors.
260345 KB in use by the system.
65536 KB occupied by the log file.
50439328 KB available on disk.

4096 bytes in each allocation unit.
39060031 total allocation units on disk.
12609832 allocation units available on disk.

Edited by mnstrbuck, 01 October 2012 - 07:33 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP