IRC BOT [Closed]


#1
Groovka

Hello,

I have been informed by my service provider Rogers that my computer has an IRC BOT/virus and they have shut down my service on a few occasions. Please help me with this.

I've run the OTL tool and here is my log:

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1283311818188 (WUWebControl Class)
O16 - DPF: {6416C78A-E810-445C-8712-1785809FA433} https://remoteaccess...t/EPAClient.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8}: NameServer = 200.74.244.126,8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/31 22:55:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/04 10:34:16 | 000,026,112 | ---- | M] () - E:\Automatic Thoughts and Distortions.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/26 09:35:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/26 09:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\wedding
[2012/10/26 08:54:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/26 08:52:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/26 08:52:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/26 08:52:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/26 08:52:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/26 08:52:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/26 08:51:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/10/26 08:51:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/10/26 08:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/26 08:40:35 | 004,989,043 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/10/21 21:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/09 03:00:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/10/07 12:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/10/06 09:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/10/06 09:09:23 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2012/10/06 08:33:07 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/10/06 08:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/10/06 08:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/06 08:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/06 08:01:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/06 08:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 10:10:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/26 09:52:09 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003UA.job
[2012/10/26 09:15:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/26 09:15:04 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 09:15:00 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 09:14:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/26 08:54:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/26 08:41:14 | 004,989,043 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/10/26 07:52:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003Core.job
[2012/10/24 18:20:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/22 08:18:50 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/13 17:05:29 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/10/13 17:05:29 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/13 16:06:09 | 000,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/13 16:06:09 | 000,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/13 03:01:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 07:23:18 | 003,537,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/09 21:40:50 | 000,044,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unicorn.jpg
[2012/10/06 13:50:18 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/10/06 11:27:25 | 000,024,920 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2012/10/06 11:27:23 | 000,024,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klkbdflt.sys
[2012/10/06 11:27:20 | 000,584,536 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/10/06 09:59:04 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 09:12:43 | 000,165,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/26 08:54:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/10/26 08:54:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/26 08:52:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/26 08:52:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/26 08:52:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/26 08:52:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/26 08:52:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/09 21:40:43 | 000,044,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unicorn.jpg
[2012/10/08 09:02:06 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/10/06 09:59:04 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/11/09 08:03:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2011/04/30 06:40:51 | 000,039,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/26 20:03:54 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/09/09 22:02:06 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 16:17:23 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

========== ZeroAccess Check ==========

[2010/09/01 16:02:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 03:56:46 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/04 07:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/16 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/18 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/02/10 19:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010/09/12 07:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/08 09:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bradsoft.com
[2011/11/26 09:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/04 07:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Citrix
[2011/02/10 07:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoffeeCup Software
[2011/10/16 09:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EurekaLog
[2012/10/26 09:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2010/10/11 11:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/09/04 17:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2010/10/11 11:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iJoysoft
[2012/08/12 06:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2011/02/12 17:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/12/19 06:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2011/03/06 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/24 07:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uspub
[2012/10/26 08:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/01/03 16:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VirtualStore
[2012/10/06 08:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ysci

========== Purity Check ==========



< End of report >
  • 0


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#3
Groovka

Groovka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for your help. I ran the three tools and here are the results:


checkup.txt
Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security 2013
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````





AdwCleaner[S1]
# AdwCleaner v2.005 - Logfile created 10/27/2012 at 13:50:04
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - HOME-HV7662RNXZ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Software_Master
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Software_Master
Folder Deleted : C:\Program Files\SweetIM

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{116853B4-ECB3-4D10-A5AE-2B4915A4C77D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116853B4-ECB3-4D10-A5AE-2B4915A4C77D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A4301AD-8DEE-4218-8FEE-F15B33C90B52}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Software_Master
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00725D68-069B-4095-9FF1-E7469C0E95DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{116853B4-ECB3-4D10-A5AE-2B4915A4C77D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58CB6A85-D7F8-4287-BB4F-5FC91F58E71A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A4301AD-8DEE-4218-8FEE-F15B33C90B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2866295
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2903600
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2911070
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9192E286-80DD-4CB8-9075-D9A1E8C48F08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD62E4A9-B6C8-4B04-9B43-1FEE3C47E2BA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA3E34B0-DE04-476A-8C0D-A1E4A1972DCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Software_Master Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00725D68-069B-4095-9FF1-E7469C0E95DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A4301AD-8DEE-4218-8FEE-F15B33C90B52}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software_Master Toolbar
Key Deleted : HKLM\Software\Software_Master
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00725D68-069B-4095-9FF1-E7469C0E95DF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00725D68-069B-4095-9FF1-E7469C0E95DF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00725D68-069B-4095-9FF1-E7469C0E95DF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "");
Deleted : user_pref("sweetim.toolbar.mode.debug", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.search.external", "");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "");
Deleted : user_pref("sweetim.toolbar.simapp_id", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "");
Deleted : user_pref("sweetim.toolbar.version", "");

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://home.sweetim.com/",
Deleted [l.1510] : homepage = "hxxp://home.sweetim.com/",

-\\ Opera v11.1.1190.0

File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8497 octets] - [27/10/2012 13:50:04]

########## EOF - C:\AdwCleaner[S1].txt - [8557 octets] ##########




RKreport[2].txt

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/27/2012 14:27:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8} : NameServer (200.74.244.126,8.8.8.8) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8} : NameServer (200.74.244.126,8.8.8.8) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BB-75CAA0 +++++
--- User ---
[MBR] 1522866a6520d844a402c65c4ed8b097
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAJB-00J3A0 +++++
--- User ---
[MBR] 8d3978ac94cf97d2d9505cfce242e5de
[BSP] 53ba18ce760ce01627b3884e203f298f : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Groovka (Topic Starter, Member, 10 posts)

Hi Gringo,

Thanks for your help. I ran the ComboFix tool on my PC and there were no issues. However, my internet got disconnected again due to the same problem (IRC Bot), so I will post the results of ComboFix as soon as possible.

There is another issue that seems to be related to my virus/malware problem. My website http://www.bowerbirdrenovations.com seems to get attacked by malware on a regular basis. The pages on my server seem to be attacked in the following manner: code injections, and/or deletion of all content of random files (so that their size becomes 0 KB). Despite changing the permissions on all the files on my site, the malware always finds some creative ways to attack again.

I had not removed any of the code injections that seemed to have happened today so that you can take a look at it and maybe it will give some insight into the problem.

It's been happening constantly, and sometimes the internet would be shut down by my service provider at the same time that I would notice my site having been attacked again. Therefore, I am suspecting that the IRC Bot and the website malware attacks are related.

If you can provide any insight at all to help me solve this, I would be forever thankful :))) At this point I am at a loss.

Thanks
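
The two symptoms described in the post above, injected code and files emptied to 0 KB, are exactly what a file-integrity baseline on the web root detects, and it also tells you which files changed and when, which is the starting point for finding the way in. The script below is an added example written for this thread, not code from the original post or from any tool mentioned in it. It records SHA-256 hashes and sizes of every file under the web root (the baseline is assumed to be taken from a known-clean copy of the site), reports files that are new, modified, deleted or emptied on later runs, and greps every file for a small constructed list of markers that are common in injected PHP and JavaScript. The two sample trees at the bottom are constructed for the demonstration; a marker hit is a prompt for review, not a verdict.

```python
"""Web-root integrity and injection-marker check.

Added example for this thread, not code from the original post or from any
tool mentioned in it.  Compares a directory tree against a baseline of
SHA-256 hashes and sizes (assumed to come from a known-clean copy of the
site) and greps every file for markers common in injected PHP/JavaScript.
"""
import hashlib
import json
import os
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind path detail")

# Constructed marker list.  A hit is a prompt for manual review, not proof.
INJECTION_MARKERS = [
    re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\("),
    re.compile(rb"preg_replace\s*\(\s*[\x22\x27][^\x22\x27]*/e[\x22\x27]"),
    re.compile(rb"<iframe[^>]+(width|height)\s*=\s*[\x22\x27]?0\b", re.I),
    re.compile(rb"document\.write\s*\(\s*unescape\s*\("),
]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """files: {relative path: bytes} -> {path: {"sha256": hex, "size": n}}."""
    return {p: {"sha256": sha256(d), "size": len(d)} for p, d in files.items()}


def scan(files, baseline):
    """Report new/modified/emptied/deleted files and marker hits against baseline."""
    findings = []
    for path, data in sorted(files.items()):
        base = baseline.get(path)
        digest = sha256(data)
        if base is None:
            findings.append(Finding("new", path, digest))
        elif base["sha256"] != digest:
            if len(data) == 0 and base["size"] > 0:
                findings.append(Finding("emptied", path, "was %d bytes" % base["size"]))
            else:
                findings.append(Finding("modified", path, digest))
        for marker in INJECTION_MARKERS:  # every file, changed or not
            hit = marker.search(data)
            if hit:
                findings.append(Finding("injection-marker", path, hit.group(0).decode("latin-1")))
                break
    for path in sorted(set(baseline) - set(files)):
        findings.append(Finding("deleted", path, ""))
    return findings


def read_tree(root):
    """Load a real web root into the {path: bytes} shape scan() expects."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root).replace(os.sep, "/")] = fh.read()
    return files


# Constructed sample trees: a clean copy of a site and the same site after tampering.
SAMPLE_CLEAN = {
    "index.php": b"<?php include 'header.php'; ?>\n<h1>Welcome</h1>",
    "js/site.js": b"document.getElementById('menu').onclick = toggle;",
    "contact.html": b"<html><body>Contact us</body></html>",
}
SAMPLE_TAMPERED = {
    "index.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); include 'header.php'; ?>",
    "js/site.js": b"",  # emptied to 0 bytes, as described in the post
    "images/.cache.php": b"<?php preg_replace('/.*/e', $_POST['c'], ''); ?>",
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: integrity.py <webroot> <baseline.json>
        root, baseline_file = sys.argv[1], sys.argv[2]
        if not os.path.exists(baseline_file):  # first run: record the clean state
            with open(baseline_file, "w") as fh:
                json.dump(build_baseline(read_tree(root)), fh, indent=1, sort_keys=True)
            print("baseline written to", baseline_file)
        else:
            with open(baseline_file) as fh:
                report = scan(read_tree(root), json.load(fh))
            for f in report:
                print("%-16s %-24s %s" % f)
    else:  # no arguments: demonstrate on the constructed samples
        for f in scan(SAMPLE_TAMPERED, build_baseline(SAMPLE_CLEAN)):
            print("%-16s %-24s %s" % f)
```

Run it once with a web root and a baseline path on a clean copy to write the baseline, then on a schedule against the live tree and read the change list. Tightening file permissions, as the post describes, does not stop a writer who holds valid credentials for the account; credentials saved on a workstation suspected of infection are a common link between a compromised PC and a site that keeps being re-infected, and rotating them from a clean machine costs little.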

#6 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

Websites and servers are beyond my pay grade, and I have no idea what to do about them; even most of our tools will not work on them.

I will wait for the reports to see how things are.

gringo

#7 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.

Gringo

#8 Groovka (Topic Starter, Member, 10 posts)

Hi, since I don't have internet, it's kind of difficult for me to upload the log file. However, I will make sure I upload it tomorrow. Also, I'm switching internet providers, so hopefully the new one won't turn off my internet every other day.

When my current internet provider disabled my internet, they said that I should just format my computer. I think I will hold off on the formatting and continue with the process first.

Will post the log file shortly.

Thanks for your help!!!

#9 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

No problem, and I will be looking for you.


gringo

#10 Groovka (Topic Starter, Member, 10 posts)

Please see my log from running the ComboFix:


ComboFix 12-10-26.05 - Owner 10/28/2012 10:48:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.1101 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\Owner\Local Settings\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-27 18:23 . 2012-10-27 18:23 -------- d-----w- C:\RK_Quarantine
2012-10-09 07:29 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-10-09 07:24 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-10-09 07:24 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-10-09 07:18 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-10-09 07:18 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2012-10-09 07:18 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-10-09 07:18 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-10-09 07:18 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-10-09 07:18 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-10-09 07:18 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-10-09 07:01 . 2009-07-17 16:27 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2012-10-08 12:46 . 2009-12-16 12:58 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2012-10-08 07:01 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-10-07 16:53 . 2012-10-09 07:11 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-10-07 15:52 . 2009-12-14 07:35 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2012-10-07 15:52 . 2008-07-03 13:16 8454656 -c----w- c:\windows\system32\dllcache\shell32.dll
2012-10-07 15:52 . 2009-09-04 20:45 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2012-10-07 15:52 . 2010-04-20 05:51 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2012-10-07 15:52 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2012-10-07 15:52 . 2009-06-12 11:50 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2012-10-07 15:52 . 2009-10-12 13:54 69632 -c----w- c:\windows\system32\dllcache\raschap.dll
2012-10-07 15:52 . 2009-10-12 13:54 112128 -c----w- c:\windows\system32\dllcache\rastls.dll
2012-10-07 15:47 . 2010-02-12 04:47 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2012-10-07 15:47 . 2010-02-11 12:01 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2012-10-07 15:47 . 2009-06-25 08:44 168448 -c----w- c:\windows\system32\dllcache\schannel.dll
2012-10-07 15:41 . 2009-11-27 16:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2012-10-07 15:41 . 2009-11-27 16:37 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2012-10-07 15:41 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2012-10-07 15:41 . 2009-11-27 16:37 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2012-10-07 15:41 . 2010-01-29 15:08 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2012-10-07 15:41 . 2010-01-29 15:08 1315840 -c----w- c:\windows\system32\dllcache\msoe.dll
2012-10-07 15:35 . 2010-06-14 14:30 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-10-07 15:35 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll
2012-10-07 15:35 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-10-07 15:35 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-10-07 15:35 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-10-07 15:35 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2012-10-07 15:30 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-10-07 15:30 . 2009-10-13 10:53 266752 -c----w- c:\windows\system32\dllcache\oakley.dll
2012-10-07 15:29 . 2010-01-13 14:10 85504 -c----w- c:\windows\system32\dllcache\cabview.dll
2012-10-06 13:59 . 2009-08-26 08:16 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2012-10-06 13:57 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-10-06 13:09 . 2012-08-13 22:24 74072 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-10-06 12:01 . 2012-10-06 12:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-10-06 12:01 . 2012-10-06 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-06 12:01 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 12:01 . 2012-10-26 12:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 15:27 . 2009-10-02 23:39 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-06 15:27 . 2012-05-25 23:38 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-08-18 01:39 . 2012-08-18 01:39 200632 ----a-w- c:\windows\system32\klogon.dll
2012-08-16 08:52 . 2012-08-16 08:52 261448 ----a-w- c:\windows\system32\betwinservicexp.exe
2012-08-16 08:52 . 2012-08-16 08:52 249856 ----a-w- c:\windows\system32\slsapi.dll
2012-08-16 08:52 . 2012-08-16 08:52 20800 ----a-w- c:\windows\system32\drivers\betwinvf.sys
2012-08-16 08:52 . 2012-08-16 08:52 13640 ----a-w- c:\windows\system32\drivers\betwinsystem.sys
2012-08-16 08:52 . 2012-08-16 08:52 16192 ----a-w- c:\windows\system32\drivers\betwinmf.sys
2012-08-16 08:52 . 2012-08-16 08:52 16192 ----a-w- c:\windows\system32\drivers\betwinkf.sys
2012-08-13 20:49 . 2012-08-13 20:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2004-10-01 19:00 . 2010-09-01 20:17 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2010-05-12 20:42 . 2012-10-26 21:43 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2012-10-26 21:43 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2012-10-26 21:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2012-10-26 21:43 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2012-10-26 21:43 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2012-10-26 21:43 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2012-10-26 21:43 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2012-10-26 21:43 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2012-10-26 21:43 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2012-10-26 21:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-10-26 21:44 . 2012-10-26 21:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-03 39408]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-30 935312]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-30 21392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17416880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-30 3508624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-18 218880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17416880]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Adobe\\Adobe Flash Builder 4.5\\FlashBuilder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.5
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 11:38 AM 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 4:49 PM 144344]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/18/2001 8:00 AM 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 8:01 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/6/2012 8:01 AM 676936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 2:09 PM 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 7:38 PM 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 24920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/6/2012 8:01 AM 22856]
S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\betwinvf.sys [8/16/2012 4:52 AM 20800]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\betwinsystem.sys [8/16/2012 4:52 AM 13640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2010 7:06 AM 136176]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\betwinkf.sys [8/16/2012 4:52 AM 16192]
S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\betwinmf.sys [8/16/2012 4:52 AM 16192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/18/2011 10:38 PM 78136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2010 7:06 AM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 8:25 AM 115168]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/18/2011 10:38 PM 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 11:06]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 11:06]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-11 10:37]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-11 10:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://win8.microsoft.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8}: NameServer = 200.74.244.126,8.8.8.8
DPF: {6416C78A-E810-445C-8712-1785809FA433} - hxxps://remoteaccess.tdbank.ca/CitrixLogonPoint/TDBFG/EPAClient/EPAClient.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://win8.microsoft.com
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - ExtSQL: 2012-10-06 09:10; ant[email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:10; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 12:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-10-28 12:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 16:46
ComboFix2.txt 2012-10-26 13:28
.
Pre-Run: 12,609,568,768 bytes free
Post-Run: 12,593,299,456 bytes free
.
- - End Of File - - F1735BD795193F87A1B3BE814EC46B6A
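
Before the next round of tools, three lines in the ComboFix report above deserve a second look, and the script below pulls them out mechanically. It is an added example written for this thread, not code or output from ComboFix or RogueKiller. The interface NameServer 200.74.244.126,8.8.8.8 that RogueKiller reported on 10/27 as NOT REMOVED, USE DNSFIX is still present on 10/28 (the TCP: Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8} line), while DHCP supplies 192.168.0.1. A statically configured resolver outside the LAN that nobody set on purpose hands control of this machine's name resolution to whoever runs it, so it should be cleared (RogueKiller's DNSFix option, as its report suggests, or the adapter's TCP/IP properties set back to obtaining DNS automatically) and the result confirmed with ipconfig /all. The disabled Windows Firewall profile and the Security Center DisableMonitoring flag for Kaspersky are commonly set by Kaspersky Internet Security itself, so the script reports them as informational. The 127.0.0.1:9421 entry in ProxyOverride only names an address that bypasses the proxy; netstat -ano shows whether anything listens on that port. The sample lines are copied from the two reports, and the set of public resolvers treated as acceptable is an assumption of the example.

```python
r"""Pull security-relevant indicators out of ComboFix and RogueKiller log lines.

Added example for this thread; not code or output from either tool.  It
recognises exactly the line shapes seen in the logs above:
  RogueKiller  [DNS] HKLM\...\Interfaces\{GUID} : NameServer (a,b) -> ...
  ComboFix     TCP: DhcpNameServer = 192.168.0.1
  ComboFix     TCP: Interfaces\{GUID}: NameServer = a,b
  ComboFix     "EnableFirewall"= 0 (0x0)
  ComboFix     "DisableMonitoring"=dword:00000001
  ComboFix     uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity kind value evidence")

# Assumption for this example: public resolvers the owner would accept, in
# addition to whatever DHCP hands out.  Adjust to the environment.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

RK_DNS = re.compile(r"^\[DNS\]\s+\S+\s+:\s+NameServer\s+\((?P<servers>[^)]*)\)")
CF_DNS = re.compile(r"^TCP:\s+Interfaces\\\{[0-9A-Fa-f-]+\}:\s+NameServer\s+=\s+(?P<servers>.+)$")
CF_DHCP = re.compile(r"^TCP:\s+DhcpNameServer\s+=\s+(?P<servers>.+)$")
FW_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
SC_MON_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$')
PROXY = re.compile(r"^uInternet Settings,ProxyOverride\s+=\s+(?P<value>.+)$")
LOOPBACK_PORT = re.compile(r"127\.0\.0\.1:(\d+)")


def _servers(field):
    return [s.strip() for s in field.split(",") if s.strip()]


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(lines):
    lines = [line.strip() for line in lines]
    dhcp = set()
    for line in lines:  # first pass: learn what DHCP actually assigned
        m = CF_DHCP.match(line)
        if m:
            dhcp.update(_servers(m.group("servers")))
    findings = []
    for line in lines:
        m = RK_DNS.match(line) or CF_DNS.match(line)
        if m:
            for s in _servers(m.group("servers")):
                if s not in dhcp and s not in EXPECTED_RESOLVERS and not _is_private(s):
                    findings.append(Finding("high", "rogue-dns", s, line))
        elif FW_OFF.match(line):
            # Often expected when a third-party firewall (here Kaspersky) is installed.
            findings.append(Finding("info", "windows-firewall-off", "standardprofile", line))
        elif SC_MON_OFF.match(line):
            # Usually written by the AV product itself; confirm the AV is really running.
            findings.append(Finding("info", "security-center-monitoring-off", "", line))
        else:
            m = PROXY.match(line)
            port = LOOPBACK_PORT.search(m.group("value")) if m else None
            if port:
                findings.append(Finding("info", "loopback-in-proxy-override", port.group(1), line))
    return findings


# Lines copied from the RogueKiller and ComboFix reports in this thread.
SAMPLE = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8} : NameServer (200.74.244.126,8.8.8.8) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8} : NameServer (200.74.244.126,8.8.8.8) -> NOT REMOVED, USE DNSFIX
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8}: NameServer = 200.74.244.126,8.8.8.8
""".splitlines()

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: triage.py <ComboFix or RogueKiller log>
        with open(sys.argv[1], encoding="latin-1") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for f in triage(lines):
        print("[%s] %-30s %-16s %s" % f)
```

Feed it a saved ComboFix or RogueKiller log and act on the high-severity lines first; the informational ones are there so that a later run on a machine without a third-party firewall or AV is not silently clean.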

#11 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 Groovka (Topic Starter, Member, 10 posts)

TDSSKiller report:


10:50:01.0829 4276 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:50:02.0658 4276 ============================================================
10:50:02.0658 4276 Current date / time: 2012/11/04 10:50:02.0658
10:50:02.0658 4276 SystemInfo:
10:50:02.0658 4276
10:50:02.0658 4276 OS Version: 5.1.2600 ServicePack: 2.0
10:50:02.0658 4276 Product type: Workstation
10:50:02.0658 4276 ComputerName: HOME-HV7662RNXZ
10:50:02.0658 4276 UserName: Owner
10:50:02.0658 4276 Windows directory: C:\WINDOWS
10:50:02.0658 4276 System windows directory: C:\WINDOWS
10:50:02.0658 4276 Processor architecture: Intel x86
10:50:02.0658 4276 Number of processors: 1
10:50:02.0658 4276 Page size: 0x1000
10:50:02.0658 4276 Boot type: Normal boot
10:50:02.0658 4276 ============================================================
10:50:06.0408 4276 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:50:06.0423 4276 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:50:06.0486 4276 ============================================================
10:50:06.0486 4276 \Device\Harddisk0\DR0:
10:50:06.0486 4276 MBR partitions:
10:50:06.0486 4276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
10:50:06.0486 4276 \Device\Harddisk1\DR1:
10:50:06.0486 4276 MBR partitions:
10:50:06.0486 4276 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
10:50:06.0486 4276 ============================================================
10:50:06.0564 4276 C: <-> \Device\Harddisk0\DR0\Partition1
10:50:06.0783 4276 E: <-> \Device\Harddisk1\DR1\Partition1
10:50:06.0783 4276 ============================================================
10:50:06.0783 4276 Initialize success
10:50:06.0783 4276 ============================================================
10:50:19.0064 3284 ============================================================
10:50:19.0064 3284 Scan started
10:50:19.0064 3284 Mode: Manual;
10:50:19.0064 3284 ============================================================
10:50:20.0064 3284 ================ Scan system memory ========================
10:50:20.0064 3284 System memory - ok
10:50:20.0079 3284 ================ Scan services =============================
10:50:20.0204 3284 Abiosdsk - ok
10:50:20.0220 3284 abp480n5 - ok
10:50:20.0267 3284 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:50:20.0283 3284 ACPI - ok
10:50:20.0314 3284 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:50:20.0329 3284 ACPIEC - ok
10:50:20.0329 3284 adpu160m - ok
10:50:20.0392 3284 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:50:20.0408 3284 aec - ok
10:50:20.0454 3284 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:50:20.0470 3284 AFD - ok
10:50:20.0486 3284 Aha154x - ok
10:50:20.0501 3284 aic78u2 - ok
10:50:20.0533 3284 aic78xx - ok
10:50:20.0908 3284 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files\common files\akamai/netsession_win_b5e8a4c.dll
10:50:20.0908 3284 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
10:50:20.0970 3284 Akamai ( HiddenFile.Multi.Generic ) - warning
10:50:20.0970 3284 Akamai - detected HiddenFile.Multi.Generic (1)
10:50:21.0017 3284 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:50:21.0048 3284 Alerter - ok
10:50:21.0079 3284 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
10:50:21.0095 3284 ALG - ok
10:50:21.0111 3284 AliIde - ok
10:50:21.0142 3284 amsint - ok
10:50:21.0220 3284 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:50:21.0611 3284 Apple Mobile Device - ok
10:50:21.0642 3284 AppMgmt - ok
10:50:21.0658 3284 asc - ok
10:50:21.0689 3284 asc3350p - ok
10:50:21.0704 3284 asc3550 - ok
10:50:21.0829 3284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:50:21.0892 3284 aspnet_state - ok
10:50:21.0923 3284 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:50:21.0923 3284 AsyncMac - ok
10:50:21.0954 3284 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:50:21.0970 3284 atapi - ok
10:50:21.0986 3284 Atdisk - ok
10:50:22.0033 3284 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:50:22.0033 3284 Atmarpc - ok
10:50:22.0111 3284 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:50:22.0111 3284 AudioSrv - ok
10:50:22.0158 3284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:50:22.0189 3284 audstub - ok
10:50:22.0251 3284 AVP - ok
10:50:22.0314 3284 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:50:22.0314 3284 bcm4sbxp - ok
10:50:22.0376 3284 [ 2D39D498108C4810EF8CC1103A2A5B73 ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMDM.sys
10:50:22.0439 3284 BCMModem - ok
10:50:22.0486 3284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:50:22.0501 3284 Beep - ok
10:50:22.0548 3284 [ F3A9A056410F3AA82180050252BB4573 ] BeTwinKeyboard C:\WINDOWS\system32\drivers\BeTwinKF.sys
10:50:22.0564 3284 BeTwinKeyboard - ok
10:50:22.0579 3284 [ F34DA056766C77C8A11BCAA7E86E5657 ] BeTwinMouse C:\WINDOWS\system32\drivers\BeTwinMF.sys
10:50:22.0579 3284 BeTwinMouse - ok
10:50:22.0611 3284 [ AA2137DFFF4E61DA14C9032C5F929C4D ] BeTwinSystem C:\WINDOWS\system32\Drivers\BeTwinSystem.sys
10:50:22.0611 3284 BeTwinSystem - ok
10:50:22.0642 3284 [ 940B33E7DD9CD3D41C854E77A831DCC9 ] BeTwinVideo C:\WINDOWS\system32\drivers\BeTwinVF.sys
10:50:22.0642 3284 BeTwinVideo - ok
10:50:22.0720 3284 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
10:50:22.0751 3284 BITS - ok
10:50:22.0814 3284 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:50:22.0845 3284 Bonjour Service - ok
10:50:22.0892 3284 [ 34F2F5B6A6D28B8FB872DFD57C5323AC ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
10:50:22.0892 3284 Brother XP spl Service - ok
10:50:22.0939 3284 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
10:50:22.0954 3284 Browser - ok
10:50:22.0986 3284 [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar C:\WINDOWS\System32\drivers\BrPar.sys
10:50:22.0986 3284 BrPar - ok
10:50:23.0001 3284 catchme - ok
10:50:23.0048 3284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:50:23.0048 3284 cbidf2k - ok
10:50:23.0079 3284 cd20xrnt - ok
10:50:23.0126 3284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:50:23.0126 3284 Cdaudio - ok
10:50:23.0173 3284 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:50:23.0189 3284 Cdfs - ok
10:50:23.0236 3284 [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:50:23.0236 3284 Cdrom - ok
10:50:23.0267 3284 Changer - ok
10:50:23.0314 3284 [ 3192BD04D032A9C4A85A3278C268A13A ] cisvc C:\WINDOWS\system32\cisvc.exe
10:50:23.0314 3284 cisvc - ok
10:50:23.0345 3284 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:50:23.0345 3284 ClipSrv - ok
10:50:23.0392 3284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:50:24.0079 3284 clr_optimization_v2.0.50727_32 - ok
10:50:24.0095 3284 CmdIde - ok
10:50:24.0126 3284 COMSysApp - ok
10:50:24.0158 3284 Cpqarray - ok
10:50:24.0236 3284 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:50:24.0236 3284 CryptSvc - ok
10:50:24.0283 3284 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
10:50:24.0283 3284 ctxusbm - ok
10:50:24.0298 3284 dac2w2k - ok
10:50:24.0329 3284 dac960nt - ok
10:50:24.0392 3284 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:50:24.0423 3284 DcomLaunch - ok
10:50:24.0470 3284 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
10:50:24.0486 3284 dg_ssudbus - ok
10:50:24.0533 3284 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:50:24.0548 3284 Dhcp - ok
10:50:24.0595 3284 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:50:24.0595 3284 Disk - ok
10:50:24.0626 3284 dmadmin - ok
10:50:24.0704 3284 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:50:24.0736 3284 dmboot - ok
10:50:24.0783 3284 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:50:24.0798 3284 dmio - ok
10:50:24.0829 3284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:50:24.0845 3284 dmload - ok
10:50:24.0876 3284 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
10:50:24.0892 3284 dmserver - ok
10:50:24.0923 3284 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:50:24.0954 3284 DMusic - ok
10:50:24.0970 3284 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:50:24.0986 3284 Dnscache - ok
10:50:25.0001 3284 dpti2o - ok
10:50:25.0033 3284 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:50:25.0033 3284 drmkaud - ok
10:50:25.0079 3284 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:50:25.0095 3284 ERSvc - ok
10:50:25.0142 3284 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe
10:50:25.0158 3284 Eventlog - ok
10:50:25.0220 3284 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\System32\es.dll
10:50:25.0236 3284 EventSystem - ok
10:50:25.0267 3284 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:50:25.0283 3284 Fastfat - ok
10:50:25.0392 3284 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:50:25.0392 3284 FastUserSwitchingCompatibility - ok
10:50:25.0439 3284 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:50:25.0439 3284 Fdc - ok
10:50:25.0501 3284 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:50:25.0501 3284 Fips - ok
10:50:25.0548 3284 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:50:25.0564 3284 Flpydisk - ok
10:50:25.0611 3284 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:50:25.0626 3284 FltMgr - ok
10:50:25.0720 3284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:50:25.0720 3284 FontCache3.0.0.0 - ok
10:50:25.0751 3284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:50:25.0751 3284 Fs_Rec - ok
10:50:25.0767 3284 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:50:25.0783 3284 Ftdisk - ok
10:50:25.0814 3284 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:50:25.0829 3284 GEARAspiWDM - ok
10:50:25.0861 3284 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:50:25.0876 3284 Gpc - ok
10:50:25.0954 3284 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:50:25.0970 3284 gupdate - ok
10:50:26.0001 3284 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:50:26.0001 3284 gupdatem - ok
10:50:26.0079 3284 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:50:26.0095 3284 gusvc - ok
10:50:26.0173 3284 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:50:26.0173 3284 helpsvc - ok
10:50:26.0236 3284 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:50:26.0236 3284 HidServ - ok
10:50:26.0267 3284 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:50:26.0283 3284 HidUsb - ok
10:50:26.0298 3284 hpn - ok
10:50:26.0314 3284 hpt3xx - ok
10:50:26.0376 3284 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:50:26.0392 3284 HTTP - ok
10:50:26.0454 3284 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:50:26.0454 3284 HTTPFilter - ok
10:50:26.0486 3284 i2omgmt - ok
10:50:26.0501 3284 i2omp - ok
10:50:26.0533 3284 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:50:26.0548 3284 i8042prt - ok
10:50:26.0626 3284 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:50:26.0673 3284 ialm - ok
10:50:26.0845 3284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:50:27.0001 3284 idsvc - ok
10:50:27.0064 3284 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys
10:50:27.0064 3284 Imapi - ok
10:50:27.0111 3284 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:50:27.0142 3284 ImapiService - ok
10:50:27.0158 3284 ini910u - ok
10:50:27.0204 3284 IntelIde - ok
10:50:27.0267 3284 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:50:27.0267 3284 intelppm - ok
10:50:27.0314 3284 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:50:27.0314 3284 ip6fw - ok
10:50:27.0361 3284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:50:27.0361 3284 IpFilterDriver - ok
10:50:27.0392 3284 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:50:27.0408 3284 IpInIp - ok
10:50:27.0439 3284 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:50:27.0454 3284 IpNat - ok
10:50:27.0564 3284 [ 8E5E5A8CC84DA3F683E3BBC045138D52 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:50:27.0611 3284 iPod Service - ok
10:50:27.0642 3284 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:50:27.0642 3284 IPSec - ok
10:50:27.0689 3284 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:50:27.0689 3284 IRENUM - ok
10:50:27.0751 3284 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:50:27.0751 3284 isapnp - ok
10:50:27.0845 3284 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:50:27.0861 3284 JavaQuickStarterService - ok
10:50:27.0892 3284 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:50:27.0892 3284 Kbdclass - ok
10:50:27.0923 3284 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:50:27.0923 3284 kbdhid - ok
10:50:27.0986 3284 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
10:50:27.0986 3284 kl1 - ok
10:50:28.0095 3284 [ F21864277CCF9E997CE6296E556F21F6 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
10:50:28.0126 3284 KLIF - ok
10:50:28.0173 3284 [ 05E5504E5E06F75F18BBEA7291601FE2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
10:50:28.0189 3284 klim5 - ok
10:50:28.0236 3284 [ 7BE035A9C20F357DC765D6C7FDCDC964 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
10:50:28.0251 3284 klkbdflt - ok
10:50:28.0283 3284 [ A8234A8F67B0565F74753FE88A7BF03D ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
10:50:28.0283 3284 klmouflt - ok
10:50:28.0329 3284 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
10:50:28.0329 3284 kltdi - ok
10:50:28.0392 3284 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:50:28.0392 3284 kmixer - ok
10:50:28.0439 3284 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
10:50:28.0439 3284 kneps - ok
10:50:28.0501 3284 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:50:28.0517 3284 KSecDD - ok
10:50:28.0579 3284 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:50:28.0579 3284 lanmanserver - ok
10:50:28.0642 3284 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:50:28.0642 3284 lanmanworkstation - ok
10:50:28.0673 3284 lbrtfdc - ok
10:50:28.0720 3284 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:50:28.0736 3284 LmHosts - ok
10:50:28.0783 3284 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:50:28.0783 3284 MBAMProtector - ok
10:50:28.0876 3284 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:50:28.0908 3284 MBAMScheduler - ok
10:50:28.0986 3284 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:50:29.0017 3284 MBAMService - ok
10:50:29.0095 3284 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
10:50:29.0126 3284 McComponentHostService - ok
10:50:29.0158 3284 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:50:29.0173 3284 Messenger - ok
10:50:29.0220 3284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:50:29.0236 3284 mnmdd - ok
10:50:29.0283 3284 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
10:50:29.0283 3284 mnmsrvc - ok
10:50:29.0329 3284 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:50:29.0345 3284 Modem - ok
10:50:29.0376 3284 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:50:29.0376 3284 MODEMCSA - ok
10:50:29.0408 3284 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:50:29.0423 3284 Mouclass - ok
10:50:29.0439 3284 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:50:29.0439 3284 mouhid - ok
10:50:29.0470 3284 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:50:29.0486 3284 MountMgr - ok
10:50:29.0564 3284 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:50:29.0579 3284 MozillaMaintenance - ok
10:50:29.0595 3284 mraid35x - ok
10:50:29.0626 3284 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:50:29.0642 3284 MRxDAV - ok
10:50:29.0704 3284 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:50:29.0736 3284 MRxSmb - ok
10:50:29.0783 3284 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
10:50:29.0783 3284 MSDTC - ok
10:50:29.0829 3284 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:50:29.0829 3284 Msfs - ok
10:50:29.0845 3284 MSIServer - ok
10:50:29.0892 3284 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:50:29.0892 3284 MSKSSRV - ok
10:50:29.0923 3284 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:50:29.0923 3284 MSPCLOCK - ok
10:50:29.0954 3284 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:50:29.0970 3284 MSPQM - ok
10:50:30.0001 3284 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:50:30.0001 3284 mssmbios - ok
10:50:30.0033 3284 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:50:30.0033 3284 Mup - ok
10:50:30.0079 3284 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:50:30.0079 3284 NDIS - ok
10:50:30.0142 3284 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:50:30.0142 3284 NdisTapi - ok
10:50:30.0173 3284 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:50:30.0173 3284 Ndisuio - ok
10:50:30.0204 3284 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:50:30.0220 3284 NdisWan - ok
10:50:30.0236 3284 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:50:30.0251 3284 NDProxy - ok
10:50:30.0267 3284 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:50:30.0283 3284 NetBIOS - ok
10:50:30.0329 3284 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:50:30.0345 3284 NetBT - ok
10:50:30.0392 3284 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:50:30.0392 3284 NetDDE - ok
10:50:30.0423 3284 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:50:30.0423 3284 NetDDEdsdm - ok
10:50:30.0470 3284 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:50:30.0486 3284 Netlogon - ok
10:50:30.0533 3284 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
10:50:30.0548 3284 Netman - ok
10:50:30.0626 3284 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:50:30.0642 3284 NetTcpPortSharing - ok
10:50:30.0720 3284 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
10:50:30.0720 3284 Nla - ok
10:50:30.0767 3284 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:50:30.0767 3284 Npfs - ok
10:50:30.0845 3284 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:30.0876 3284 Ntfs - ok
10:50:30.0908 3284 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
10:50:30.0908 3284 NtLmSsp - ok
10:50:30.0986 3284 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:50:31.0017 3284 NtmsSvc - ok
10:50:31.0048 3284 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:50:31.0048 3284 Null - ok
10:50:31.0095 3284 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:31.0095 3284 NwlnkFlt - ok
10:50:31.0126 3284 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:31.0126 3284 NwlnkFwd - ok
10:50:31.0189 3284 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:50:31.0236 3284 ose - ok
10:50:31.0267 3284 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:31.0283 3284 Parport - ok
10:50:31.0329 3284 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:31.0329 3284 PartMgr - ok
10:50:31.0392 3284 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:31.0392 3284 ParVdm - ok
10:50:31.0454 3284 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:31.0470 3284 PCI - ok
10:50:31.0486 3284 PCIDump - ok
10:50:31.0533 3284 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:50:31.0548 3284 PCIIde - ok
10:50:31.0595 3284 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:31.0595 3284 Pcmcia - ok
10:50:31.0626 3284 PDCOMP - ok
10:50:31.0642 3284 PDFRAME - ok
10:50:31.0658 3284 PDRELI - ok
10:50:31.0673 3284 PDRFRAME - ok
10:50:31.0704 3284 perc2 - ok
10:50:31.0720 3284 perc2hib - ok
10:50:31.0798 3284 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe
10:50:31.0798 3284 PlugPlay - ok
10:50:31.0814 3284 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:50:31.0814 3284 PolicyAgent - ok
10:50:31.0845 3284 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:31.0845 3284 PptpMiniport - ok
10:50:31.0876 3284 [ 0D97D88720A4087EC93AF7DBB303B30A ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:50:31.0892 3284 Processor - ok
10:50:31.0908 3284 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:50:31.0908 3284 ProtectedStorage - ok
10:50:31.0939 3284 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:31.0954 3284 PSched - ok
10:50:32.0001 3284 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:32.0017 3284 Ptilink - ok
10:50:32.0048 3284 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:50:32.0064 3284 PxHelp20 - ok
10:50:32.0079 3284 ql1080 - ok
10:50:32.0095 3284 Ql10wnt - ok
10:50:32.0111 3284 ql12160 - ok
10:50:32.0126 3284 ql1240 - ok
10:50:32.0158 3284 ql1280 - ok
10:50:32.0173 3284 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:32.0189 3284 RasAcd - ok
10:50:32.0236 3284 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:50:32.0251 3284 RasAuto - ok
10:50:32.0283 3284 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:32.0283 3284 Rasl2tp - ok
10:50:32.0329 3284 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:50:32.0345 3284 RasMan - ok
10:50:32.0376 3284 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:32.0392 3284 RasPppoe - ok
10:50:32.0423 3284 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:32.0423 3284 Raspti - ok
10:50:32.0470 3284 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:32.0486 3284 Rdbss - ok
10:50:32.0533 3284 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:32.0533 3284 RDPCDD - ok
10:50:32.0595 3284 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:32.0611 3284 RDPWD - ok
10:50:32.0658 3284 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:50:32.0658 3284 RDSessMgr - ok
10:50:32.0704 3284 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:32.0704 3284 redbook - ok
10:50:32.0767 3284 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:50:32.0767 3284 RemoteAccess - ok
10:50:32.0814 3284 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\System32\locator.exe
10:50:32.0814 3284 RpcLocator - ok
10:50:32.0876 3284 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:50:32.0876 3284 RpcSs - ok
10:50:32.0939 3284 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
10:50:32.0954 3284 RSVP - ok
10:50:32.0986 3284 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
10:50:32.0986 3284 SamSs - ok
10:50:33.0048 3284 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:50:33.0048 3284 SCardSvr - ok
10:50:33.0111 3284 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:50:33.0126 3284 Schedule - ok
10:50:33.0173 3284 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:33.0189 3284 Secdrv - ok
10:50:33.0220 3284 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
10:50:33.0236 3284 seclogon - ok
10:50:33.0314 3284 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
10:50:33.0361 3284 senfilt - ok
10:50:33.0392 3284 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
10:50:33.0392 3284 SENS - ok
10:50:33.0439 3284 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:33.0454 3284 serenum - ok
10:50:33.0470 3284 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:33.0486 3284 Serial - ok
10:50:33.0548 3284 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:50:33.0564 3284 Sfloppy - ok
10:50:33.0626 3284 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:50:33.0658 3284 SharedAccess - ok
10:50:33.0689 3284 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:50:33.0689 3284 ShellHWDetection - ok
10:50:33.0704 3284 Simbad - ok
10:50:33.0767 3284 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
10:50:33.0798 3284 smwdm - ok
10:50:33.0814 3284 Sparrow - ok
10:50:33.0845 3284 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:50:33.0845 3284 splitter - ok
10:50:33.0908 3284 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:50:33.0908 3284 Spooler - ok
10:50:33.0939 3284 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:33.0954 3284 sr - ok
10:50:33.0986 3284 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
10:50:34.0001 3284 srservice - ok
10:50:34.0079 3284 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:34.0095 3284 Srv - ok
10:50:34.0142 3284 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:50:34.0142 3284 SSDPSRV - ok
10:50:34.0204 3284 [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
10:50:34.0220 3284 ssudmdm - ok
10:50:34.0298 3284 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:50:34.0314 3284 stisvc - ok
10:50:34.0376 3284 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:34.0376 3284 swenum - ok
10:50:34.0533 3284 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:50:34.0579 3284 SwitchBoard - ok
10:50:34.0626 3284 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:50:34.0642 3284 swmidi - ok
10:50:34.0658 3284 SwPrv - ok
10:50:34.0689 3284 symc810 - ok
10:50:34.0704 3284 symc8xx - ok
10:50:34.0720 3284 sym_hi - ok
10:50:34.0751 3284 sym_u3 - ok
10:50:34.0798 3284 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:34.0798 3284 sysaudio - ok
10:50:34.0861 3284 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:50:34.0861 3284 SysmonLog - ok
10:50:34.0923 3284 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:50:34.0939 3284 TapiSrv - ok
10:50:35.0017 3284 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:35.0048 3284 Tcpip - ok
10:50:35.0095 3284 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:50:35.0095 3284 TDPIPE - ok
10:50:35.0126 3284 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:50:35.0142 3284 TDTCP - ok
10:50:35.0173 3284 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:50:35.0173 3284 TermDD - ok
10:50:35.0251 3284 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
10:50:35.0267 3284 TermService - ok
10:50:35.0314 3284 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:50:35.0329 3284 Themes - ok
10:50:35.0361 3284 TosIde - ok
10:50:35.0392 3284 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:50:35.0392 3284 TrkWks - ok
10:50:35.0439 3284 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:50:35.0454 3284 Udfs - ok
10:50:35.0470 3284 ultra - ok
10:50:35.0517 3284 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:50:35.0533 3284 Update - ok
10:50:35.0564 3284 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
10:50:35.0579 3284 upnphost - ok
10:50:35.0626 3284 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
10:50:35.0642 3284 UPS - ok
10:50:35.0689 3284 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:50:35.0689 3284 USBAAPL - ok
10:50:35.0736 3284 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:50:35.0736 3284 usbccgp - ok
10:50:35.0798 3284 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:50:35.0798 3284 usbehci - ok
10:50:35.0861 3284 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:50:35.0861 3284 usbhub - ok
10:50:35.0908 3284 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:50:35.0908 3284 usbscan - ok
10:50:35.0954 3284 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:50:35.0954 3284 USBSTOR - ok
10:50:35.0986 3284 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:50:36.0001 3284 usbuhci - ok
10:50:36.0033 3284 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:50:36.0033 3284 VgaSave - ok
10:50:36.0048 3284 ViaIde - ok
10:50:36.0095 3284 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:50:36.0111 3284 VolSnap - ok
10:50:36.0173 3284 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
10:50:36.0189 3284 VSS - ok
10:50:36.0236 3284 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
10:50:36.0267 3284 W32Time - ok
10:50:36.0298 3284 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:50:36.0314 3284 Wanarp - ok
10:50:36.0329 3284 WDICA - ok
10:50:36.0376 3284 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:50:36.0392 3284 wdmaud - ok
10:50:36.0439 3284 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:50:36.0439 3284 WebClient - ok
10:50:36.0533 3284 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:50:36.0548 3284 winmgmt - ok
10:50:36.0642 3284 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:50:36.0658 3284 WmdmPmSN - ok
10:50:36.0720 3284 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:50:36.0736 3284 WmiApSrv - ok
10:50:36.0767 3284 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
10:50:36.0783 3284 WpdUsb - ok
10:50:36.0829 3284 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:50:36.0861 3284 WS2IFSL - ok
10:50:36.0908 3284 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:50:36.0923 3284 wscsvc - ok
10:50:36.0939 3284 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:50:36.0954 3284 wuauserv - ok
10:50:37.0017 3284 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:50:37.0017 3284 WudfPf - ok
10:50:37.0064 3284 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:50:37.0064 3284 WudfRd - ok
10:50:37.0111 3284 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:50:37.0111 3284 WudfSvc - ok
10:50:37.0189 3284 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:50:37.0220 3284 WZCSVC - ok
10:50:37.0251 3284 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:50:37.0283 3284 xmlprov - ok
10:50:37.0298 3284 ================ Scan global ===============================
10:50:37.0345 3284 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
10:50:37.0376 3284 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:50:37.0423 3284 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:50:37.0454 3284 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
10:50:37.0454 3284 [Global] - ok
10:50:37.0470 3284 ================ Scan MBR ==================================
10:50:37.0501 3284 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:50:37.0704 3284 \Device\Harddisk0\DR0 - ok
10:50:37.0767 3284 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
10:50:42.0767 3284 \Device\Harddisk1\DR1 - ok
10:50:42.0783 3284 ================ Scan VBR ==================================
10:50:42.0783 3284 [ 36035A80F015B7F49B6B64FF8D9C98D1 ] \Device\Harddisk0\DR0\Partition1
10:50:42.0783 3284 \Device\Harddisk0\DR0\Partition1 - ok
10:50:42.0845 3284 [ 3399B501092ACD343184BE3409C26120 ] \Device\Harddisk1\DR1\Partition1
10:50:42.0845 3284 \Device\Harddisk1\DR1\Partition1 - ok
10:50:42.0845 3284 ============================================================
10:50:42.0845 3284 Scan finished
10:50:42.0845 3284 ============================================================
10:50:42.0892 3128 Detected object count: 1
10:50:42.0892 3128 Actual detected object count: 1
10:51:16.0454 3128 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:51:16.0454 3128 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:51:29.0611 5180 ============================================================
10:51:29.0611 5180 Scan started
10:51:29.0611 5180 Mode: Manual;
10:51:29.0611 5180 ============================================================
10:51:29.0954 5180 ================ Scan system memory ========================
10:51:29.0954 5180 System memory - ok
10:51:29.0970 5180 ================ Scan services =============================
10:51:30.0095 5180 Abiosdsk - ok
10:51:30.0111 5180 abp480n5 - ok
10:51:30.0173 5180 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:30.0173 5180 ACPI - ok
10:51:30.0220 5180 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:51:30.0236 5180 ACPIEC - ok
10:51:30.0251 5180 adpu160m - ok
10:51:30.0298 5180 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:51:30.0298 5180 aec - ok
10:51:30.0361 5180 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:51:30.0361 5180 AFD - ok
10:51:30.0392 5180 Aha154x - ok
10:51:30.0408 5180 aic78u2 - ok
10:51:30.0423 5180 aic78xx - ok
10:51:30.0783 5180 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files\common files\akamai/netsession_win_b5e8a4c.dll
10:51:30.0783 5180 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
10:51:30.0814 5180 Akamai ( HiddenFile.Multi.Generic ) - warning
10:51:30.0814 5180 Akamai - detected HiddenFile.Multi.Generic (1)
10:51:30.0861 5180 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:51:30.0861 5180 Alerter - ok
10:51:30.0892 5180 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
10:51:30.0892 5180 ALG - ok
10:51:30.0923 5180 AliIde - ok
10:51:30.0939 5180 amsint - ok
10:51:31.0079 5180 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:51:31.0079 5180 Apple Mobile Device - ok
10:51:31.0095 5180 AppMgmt - ok
10:51:31.0126 5180 asc - ok
10:51:31.0142 5180 asc3350p - ok
10:51:31.0158 5180 asc3550 - ok
10:51:31.0283 5180 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:51:31.0298 5180 aspnet_state - ok
10:51:31.0345 5180 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:31.0345 5180 AsyncMac - ok
10:51:31.0376 5180 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:31.0376 5180 atapi - ok
10:51:31.0392 5180 Atdisk - ok
10:51:31.0423 5180 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:31.0423 5180 Atmarpc - ok
10:51:31.0486 5180 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:51:31.0486 5180 AudioSrv - ok
10:51:31.0517 5180 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:31.0517 5180 audstub - ok
10:51:31.0579 5180 AVP - ok
10:51:31.0642 5180 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:51:31.0642 5180 bcm4sbxp - ok
10:51:31.0736 5180 [ 2D39D498108C4810EF8CC1103A2A5B73 ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMDM.sys
10:51:31.0751 5180 BCMModem - ok
10:51:31.0798 5180 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:51:31.0798 5180 Beep - ok
10:51:31.0845 5180 [ F3A9A056410F3AA82180050252BB4573 ] BeTwinKeyboard C:\WINDOWS\system32\drivers\BeTwinKF.sys
10:51:31.0861 5180 BeTwinKeyboard - ok
10:51:31.0876 5180 [ F34DA056766C77C8A11BCAA7E86E5657 ] BeTwinMouse C:\WINDOWS\system32\drivers\BeTwinMF.sys
10:51:31.0876 5180 BeTwinMouse - ok
10:51:31.0908 5180 [ AA2137DFFF4E61DA14C9032C5F929C4D ] BeTwinSystem C:\WINDOWS\system32\Drivers\BeTwinSystem.sys
10:51:31.0923 5180 BeTwinSystem - ok
10:51:31.0954 5180 [ 940B33E7DD9CD3D41C854E77A831DCC9 ] BeTwinVideo C:\WINDOWS\system32\drivers\BeTwinVF.sys
10:51:31.0954 5180 BeTwinVideo - ok
10:51:32.0064 5180 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
10:51:32.0079 5180 BITS - ok
10:51:32.0173 5180 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:51:32.0173 5180 Bonjour Service - ok
10:51:32.0236 5180 [ 34F2F5B6A6D28B8FB872DFD57C5323AC ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
10:51:32.0236 5180 Brother XP spl Service - ok
10:51:32.0298 5180 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
10:51:32.0298 5180 Browser - ok
10:51:32.0329 5180 [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar C:\WINDOWS\System32\drivers\BrPar.sys
10:51:32.0329 5180 BrPar - ok
10:51:32.0345 5180 catchme - ok
10:51:32.0392 5180 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:51:32.0408 5180 cbidf2k - ok
10:51:32.0423 5180 cd20xrnt - ok
10:51:32.0470 5180 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:51:32.0470 5180 Cdaudio - ok
10:51:32.0533 5180 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:51:32.0533 5180 Cdfs - ok
10:51:32.0579 5180 [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:51:32.0579 5180 Cdrom - ok
10:51:32.0595 5180 Changer - ok
10:51:32.0658 5180 [ 3192BD04D032A9C4A85A3278C268A13A ] cisvc C:\WINDOWS\system32\cisvc.exe
10:51:32.0658 5180 cisvc - ok
10:51:32.0689 5180 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:51:32.0689 5180 ClipSrv - ok
10:51:32.0736 5180 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:51:32.0736 5180 clr_optimization_v2.0.50727_32 - ok
10:51:32.0751 5180 CmdIde - ok
10:51:32.0783 5180 COMSysApp - ok
10:51:32.0814 5180 Cpqarray - ok
10:51:32.0861 5180 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:51:32.0861 5180 CryptSvc - ok
10:51:32.0908 5180 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
10:51:32.0908 5180 ctxusbm - ok
10:51:32.0923 5180 dac2w2k - ok
10:51:32.0954 5180 dac960nt - ok
10:51:33.0095 5180 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:51:33.0111 5180 DcomLaunch - ok
10:51:33.0173 5180 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
10:51:33.0173 5180 dg_ssudbus - ok
10:51:33.0220 5180 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:51:33.0236 5180 Dhcp - ok
10:51:33.0283 5180 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:51:33.0283 5180 Disk - ok
10:51:33.0298 5180 dmadmin - ok
10:51:33.0376 5180 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:51:33.0392 5180 dmboot - ok
10:51:33.0423 5180 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:51:33.0439 5180 dmio - ok
10:51:33.0470 5180 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:51:33.0470 5180 dmload - ok
10:51:33.0517 5180 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
10:51:33.0517 5180 dmserver - ok
10:51:33.0564 5180 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:51:33.0564 5180 DMusic - ok
10:51:33.0595 5180 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:51:33.0595 5180 Dnscache - ok
10:51:33.0611 5180 dpti2o - ok
10:51:33.0642 5180 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:51:33.0642 5180 drmkaud - ok
10:51:33.0689 5180 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:51:33.0689 5180 ERSvc - ok
10:51:33.0736 5180 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe
10:51:33.0751 5180 Eventlog - ok
10:51:33.0798 5180 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\System32\es.dll
10:51:33.0814 5180 EventSystem - ok
10:51:33.0845 5180 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:51:33.0845 5180 Fastfat - ok
10:51:33.0908 5180 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:51:33.0908 5180 FastUserSwitchingCompatibility - ok
10:51:33.0939 5180 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:51:33.0939 5180 Fdc - ok
10:51:34.0001 5180 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:51:34.0001 5180 Fips - ok
10:51:34.0064 5180 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:51:34.0064 5180 Flpydisk - ok
10:51:34.0142 5180 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:51:34.0142 5180 FltMgr - ok
10:51:34.0251 5180 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:51:34.0251 5180 FontCache3.0.0.0 - ok
10:51:34.0267 5180 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:51:34.0267 5180 Fs_Rec - ok
10:51:34.0298 5180 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:51:34.0298 5180 Ftdisk - ok
10:51:34.0345 5180 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:51:34.0345 5180 GEARAspiWDM - ok
10:51:34.0392 5180 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:51:34.0392 5180 Gpc - ok
10:51:34.0486 5180 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:34.0501 5180 gupdate - ok
10:51:34.0517 5180 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:34.0517 5180 gupdatem - ok
10:51:34.0579 5180 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:51:34.0579 5180 gusvc - ok
10:51:34.0658 5180 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:51:34.0658 5180 helpsvc - ok
10:51:34.0704 5180 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:51:34.0704 5180 HidServ - ok
10:51:34.0736 5180 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:51:34.0736 5180 HidUsb - ok
10:51:34.0751 5180 hpn - ok
10:51:34.0783 5180 hpt3xx - ok
10:51:34.0829 5180 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:51:34.0845 5180 HTTP - ok
10:51:34.0892 5180 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:51:34.0892 5180 HTTPFilter - ok
10:51:34.0923 5180 i2omgmt - ok
10:51:34.0939 5180 i2omp - ok
10:51:34.0970 5180 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:51:34.0986 5180 i8042prt - ok
10:51:35.0095 5180 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:51:35.0111 5180 ialm - ok
10:51:35.0283 5180 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:35.0298 5180 idsvc - ok
10:51:35.0345 5180 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys
10:51:35.0345 5180 Imapi - ok
10:51:35.0408 5180 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:51:35.0408 5180 ImapiService - ok
10:51:35.0439 5180 ini910u - ok
10:51:35.0470 5180 IntelIde - ok
10:51:35.0533 5180 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:51:35.0533 5180 intelppm - ok
10:51:35.0579 5180 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:51:35.0579 5180 ip6fw - ok
10:51:35.0626 5180 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:51:35.0626 5180 IpFilterDriver - ok
10:51:35.0658 5180 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:51:35.0658 5180 IpInIp - ok
10:51:35.0704 5180 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:51:35.0720 5180 IpNat - ok
10:51:35.0814 5180 [ 8E5E5A8CC84DA3F683E3BBC045138D52 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:51:35.0829 5180 iPod Service - ok
10:51:35.0861 5180 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:51:35.0861 5180 IPSec - ok
10:51:35.0892 5180 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:51:35.0908 5180 IRENUM - ok
10:51:35.0954 5180 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:51:35.0954 5180 isapnp - ok
10:51:36.0048 5180 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:51:36.0048 5180 JavaQuickStarterService - ok
10:51:36.0095 5180 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:51:36.0095 5180 Kbdclass - ok
10:51:36.0111 5180 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:51:36.0111 5180 kbdhid - ok
10:51:36.0158 5180 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
10:51:36.0158 5180 kl1 - ok
10:51:36.0251 5180 [ F21864277CCF9E997CE6296E556F21F6 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
10:51:36.0267 5180 KLIF - ok
10:51:36.0314 5180 [ 05E5504E5E06F75F18BBEA7291601FE2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
10:51:36.0314 5180 klim5 - ok
10:51:36.0361 5180 [ 7BE035A9C20F357DC765D6C7FDCDC964 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
10:51:36.0361 5180 klkbdflt - ok
10:51:36.0392 5180 [ A8234A8F67B0565F74753FE88A7BF03D ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
10:51:36.0392 5180 klmouflt - ok
10:51:36.0439 5180 [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
10:51:36.0439 5180 kltdi - ok
10:51:36.0501 5180 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:51:36.0517 5180 kmixer - ok
10:51:36.0564 5180 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
10:51:36.0564 5180 kneps - ok
10:51:36.0626 5180 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:51:36.0626 5180 KSecDD - ok
10:51:36.0673 5180 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:51:36.0673 5180 lanmanserver - ok
10:51:36.0736 5180 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:51:36.0751 5180 lanmanworkstation - ok
10:51:36.0767 5180 lbrtfdc - ok
10:51:36.0814 5180 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:51:36.0814 5180 LmHosts - ok
10:51:36.0876 5180 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:51:36.0876 5180 MBAMProtector - ok
10:51:36.0970 5180 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:51:36.0970 5180 MBAMScheduler - ok
10:51:37.0095 5180 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:51:37.0095 5180 MBAMService - ok
10:51:37.0189 5180 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
10:51:37.0189 5180 McComponentHostService - ok
10:51:37.0236 5180 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:51:37.0236 5180 Messenger - ok
10:51:37.0283 5180 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:51:37.0283 5180 mnmdd - ok
10:51:37.0329 5180 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
10:51:37.0329 5180 mnmsrvc - ok
10:51:37.0392 5180 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:51:37.0392 5180 Modem - ok
10:51:37.0423 5180 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:51:37.0423 5180 MODEMCSA - ok
10:51:37.0470 5180 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:51:37.0470 5180 Mouclass - ok
10:51:37.0517 5180 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:51:37.0517 5180 mouhid - ok
10:51:37.0548 5180 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:51:37.0548 5180 MountMgr - ok
10:51:37.0611 5180 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:51:37.0611 5180 MozillaMaintenance - ok
10:51:37.0626 5180 mraid35x - ok
10:51:37.0658 5180 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:51:37.0658 5180 MRxDAV - ok
10:51:37.0736 5180 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:51:37.0736 5180 MRxSmb - ok
10:51:37.0783 5180 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
10:51:37.0783 5180 MSDTC - ok
10:51:37.0814 5180 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:51:37.0829 5180 Msfs - ok
10:51:37.0845 5180 MSIServer - ok
10:51:37.0892 5180 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:51:37.0892 5180 MSKSSRV - ok
10:51:37.0908 5180 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:51:37.0908 5180 MSPCLOCK - ok
10:51:37.0939 5180 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:51:37.0939 5180 MSPQM - ok
10:51:37.0986 5180 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:51:37.0986 5180 mssmbios - ok
10:51:38.0033 5180 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:51:38.0033 5180 Mup - ok
10:51:38.0095 5180 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:51:38.0095 5180 NDIS - ok
10:51:38.0158 5180 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:51:38.0158 5180 NdisTapi - ok
10:51:38.0189 5180 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:51:38.0189 5180 Ndisuio - ok
10:51:38.0220 5180 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:51:38.0220 5180 NdisWan - ok
10:51:38.0251 5180 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:51:38.0251 5180 NDProxy - ok
10:51:38.0283 5180 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:51:38.0283 5180 NetBIOS - ok
10:51:38.0314 5180 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:51:38.0314 5180 NetBT - ok
10:51:38.0376 5180 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:51:38.0376 5180 NetDDE - ok
10:51:38.0408 5180 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:51:38.0408 5180 NetDDEdsdm - ok
10:51:38.0454 5180 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:51:38.0454 5180 Netlogon - ok
10:51:38.0517 5180 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
10:51:38.0517 5180 Netman - ok
10:51:38.0595 5180 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:38.0595 5180 NetTcpPortSharing - ok
10:51:38.0658 5180 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
10:51:38.0673 5180 Nla - ok
10:51:38.0704 5180 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:51:38.0704 5180 Npfs - ok
10:51:38.0798 5180 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:51:38.0798 5180 Ntfs - ok
10:51:38.0829 5180 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
10:51:38.0829 5180 NtLmSsp - ok
10:51:38.0908 5180 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:51:38.0923 5180 NtmsSvc - ok
10:51:38.0954 5180 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:51:38.0954 5180 Null - ok
10:51:39.0033 5180 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:51:39.0033 5180 NwlnkFlt - ok
10:51:39.0064 5180 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:51:39.0064 5180 NwlnkFwd - ok
10:51:39.0126 5180 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:51:39.0126 5180 ose - ok
10:51:39.0173 5180 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:51:39.0173 5180 Parport - ok
10:51:39.0236 5180 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:51:39.0236 5180 PartMgr - ok
10:51:39.0283 5180 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:51:39.0283 5180 ParVdm - ok
10:51:39.0329 5180 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:51:39.0329 5180 PCI - ok
10:51:39.0345 5180 PCIDump - ok
10:51:39.0408 5180 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:51:39.0408 5180 PCIIde - ok
10:51:39.0454 5180 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:51:39.0454 5180 Pcmcia - ok
10:51:39.0470 5180 PDCOMP - ok
10:51:39.0486 5180 PDFRAME - ok
10:51:39.0501 5180 PDRELI - ok
10:51:39.0533 5180 PDRFRAME - ok
10:51:39.0548 5180 perc2 - ok
10:51:39.0564 5180 perc2hib - ok
10:51:39.0642 5180 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe
10:51:39.0642 5180 PlugPlay - ok
10:51:39.0673 5180 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:51:39.0673 5180 PolicyAgent - ok
10:51:39.0704 5180 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:51:39.0704 5180 PptpMiniport - ok
10:51:39.0751 5180 [ 0D97D88720A4087EC93AF7DBB303B30A ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:51:39.0751 5180 Processor - ok
10:51:39.0767 5180 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:51:39.0767 5180 ProtectedStorage - ok
10:51:39.0798 5180 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:51:39.0798 5180 PSched - ok
10:51:39.0845 5180 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:51:39.0845 5180 Ptilink - ok
10:51:39.0892 5180 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:51:39.0892 5180 PxHelp20 - ok
10:51:39.0923 5180 ql1080 - ok
10:51:39.0939 5180 Ql10wnt - ok
10:51:39.0954 5180 ql12160 - ok
10:51:39.0986 5180 ql1240 - ok
10:51:40.0001 5180 ql1280 - ok
10:51:40.0033 5180 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:51:40.0033 5180 RasAcd - ok
10:51:40.0095 5180 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:51:40.0095 5180 RasAuto - ok
10:51:40.0142 5180 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:51:40.0142 5180 Rasl2tp - ok
10:51:40.0204 5180 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:51:40.0204 5180 RasMan - ok
10:51:40.0251 5180 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:51:40.0251 5180 RasPppoe - ok
10:51:40.0283 5180 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:51:40.0283 5180 Raspti - ok
10:51:40.0345 5180 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:51:40.0345 5180 Rdbss - ok
10:51:40.0376 5180 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:51:40.0376 5180 RDPCDD - ok
10:51:40.0423 5180 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:51:40.0423 5180 RDPWD - ok
10:51:40.0454 5180 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:51:40.0470 5180 RDSessMgr - ok
10:51:40.0517 5180 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:51:40.0517 5180 redbook - ok
10:51:40.0564 5180 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:51:40.0564 5180 RemoteAccess - ok
10:51:40.0595 5180 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\System32\locator.exe
10:51:40.0595 5180 RpcLocator - ok
10:51:40.0658 5180 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:51:40.0658 5180 RpcSs - ok
10:51:40.0704 5180 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
10:51:40.0720 5180 RSVP - ok
10:51:40.0751 5180 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
10:51:40.0751 5180 SamSs - ok
10:51:40.0798 5180 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:51:40.0814 5180 SCardSvr - ok
10:51:40.0861 5180 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:51:40.0876 5180 Schedule - ok
10:51:40.0923 5180 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:51:40.0923 5180 Secdrv - ok
10:51:40.0954 5180 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
10:51:40.0970 5180 seclogon - ok
10:51:41.0079 5180 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
10:51:41.0079 5180 senfilt - ok
10:51:41.0126 5180 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
10:51:41.0126 5180 SENS - ok
10:51:41.0189 5180 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:51:41.0189 5180 serenum - ok
10:51:41.0220 5180 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:51:41.0220 5180 Serial - ok
10:51:41.0283 5180 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:51:41.0283 5180 Sfloppy - ok
10:51:41.0361 5180 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:51:41.0361 5180 SharedAccess - ok
10:51:41.0392 5180 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:51:41.0408 5180 ShellHWDetection - ok
10:51:41.0423 5180 Simbad - ok
10:51:41.0861 5180 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
10:51:41.0861 5180 smwdm - ok
10:51:41.0892 5180 Sparrow - ok
10:51:41.0923 5180 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:51:41.0923 5180 splitter - ok
10:51:41.0986 5180 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:51:41.0986 5180 Spooler - ok
10:51:42.0033 5180 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:51:42.0033 5180 sr - ok
10:51:42.0095 5180 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
10:51:42.0095 5180 srservice - ok
10:51:42.0173 5180 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:51:42.0189 5180 Srv - ok
10:51:42.0220 5180 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:51:42.0220 5180 SSDPSRV - ok
10:51:42.0267 5180 [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
10:51:42.0267 5180 ssudmdm - ok
10:51:42.0329 5180 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:51:42.0345 5180 stisvc - ok
10:51:42.0392 5180 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:51:42.0392 5180 swenum - ok
10:51:42.0548 5180 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:51:42.0548 5180 SwitchBoard - ok
10:51:42.0611 5180 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:51:42.0611 5180 swmidi - ok
10:51:42.0626 5180 SwPrv - ok
10:51:42.0658 5180 symc810 - ok
10:51:42.0673 5180 symc8xx - ok
10:51:42.0704 5180 sym_hi - ok
10:51:42.0720 5180 sym_u3 - ok
10:51:42.0751 5180 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:51:42.0751 5180 sysaudio - ok
10:51:42.0814 5180 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:51:42.0814 5180 SysmonLog - ok
10:51:42.0876 5180 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:51:42.0876 5180 TapiSrv - ok
10:51:42.0954 5180 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:51:42.0954 5180 Tcpip - ok
10:51:43.0017 5180 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:51:43.0017 5180 TDPIPE - ok
10:51:43.0064 5180 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:51:43.0064 5180 TDTCP - ok
10:51:43.0126 5180 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:51:43.0126 5180 TermDD - ok
10:51:43.0189 5180 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
10:51:43.0204 5180 TermService - ok
10:51:43.0236 5180 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:51:43.0236 5180 Themes - ok
10:51:43.0267 5180 TosIde - ok
10:51:43.0314 5180 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:51:43.0314 5180 TrkWks - ok
10:51:43.0361 5180 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:51:43.0361 5180 Udfs - ok
10:51:43.0376 5180 ultra - ok
10:51:43.0423 5180 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:51:43.0439 5180 Update - ok
10:51:43.0454 5180 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
10:51:43.0470 5180 upnphost - ok
10:51:43.0533 5180 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
10:51:43.0533 5180 UPS - ok
10:51:43.0595 5180 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:51:43.0595 5180 USBAAPL - ok
10:51:43.0642 5180 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:51:43.0642 5180 usbccgp - ok
10:51:43.0689 5180 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:51:43.0689 5180 usbehci - ok
10:51:43.0736 5180 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:51:43.0736 5180 usbhub - ok
10:51:43.0783 5180 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:51:43.0798 5180 usbscan - ok
10:51:43.0845 5180 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:51:43.0845 5180 USBSTOR - ok
10:51:43.0876 5180 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:51:43.0876 5180 usbuhci - ok
10:51:43.0892 5180 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:51:43.0908 5180 VgaSave - ok
10:51:43.0923 5180 ViaIde - ok
10:51:43.0970 5180 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:51:43.0970 5180 VolSnap - ok
10:51:44.0079 5180 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
10:51:44.0079 5180 VSS - ok
10:51:44.0142 5180 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
10:51:44.0158 5180 W32Time - ok
10:51:44.0189 5180 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:51:44.0189 5180 Wanarp - ok
10:51:44.0220 5180 WDICA - ok
10:51:44.0267 5180 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:51:44.0267 5180 wdmaud - ok
10:51:44.0298 5180 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:51:44.0298 5180 WebClient - ok
10:51:44.0392 5180 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:51:44.0392 5180 winmgmt - ok
10:51:44.0486 5180 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:51:44.0486 5180 WmdmPmSN - ok
10:51:44.0548 5180 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:51:44.0564 5180 WmiApSrv - ok
10:51:44.0595 5180 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
10:51:44.0595 5180 WpdUsb - ok
10:51:44.0658 5180 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:51:44.0658 5180 WS2IFSL - ok
10:51:44.0704 5180 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:51:44.0720 5180 wscsvc - ok
10:51:44.0736 5180 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:51:44.0751 5180 wuauserv - ok
10:51:44.0783 5180 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:51:44.0783 5180 WudfPf - ok
10:51:44.0829 5180 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:51:44.0829 5180 WudfRd - ok
10:51:44.0876 5180 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:51:44.0876 5180 WudfSvc - ok
10:51:44.0954 5180 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:51:44.0970 5180 WZCSVC - ok
10:51:45.0033 5180 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:51:45.0033 5180 xmlprov - ok
10:51:45.0064 5180 ================ Scan global ===============================
10:51:45.0126 5180 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
10:51:45.0173 5180 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:45.0204 5180 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:45.0236 5180 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
10:51:45.0251 5180 [Global] - ok
10:51:45.0251 5180 ================ Scan MBR ==================================
10:51:45.0283 5180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:51:45.0454 5180 \Device\Harddisk0\DR0 - ok
10:51:45.0501 5180 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
10:51:50.0751 5180 \Device\Harddisk1\DR1 - ok
10:51:50.0767 5180 ================ Scan VBR ==================================
10:51:50.0783 5180 [ 36035A80F015B7F49B6B64FF8D9C98D1 ] \Device\Harddisk0\DR0\Partition1
10:51:50.0783 5180 \Device\Harddisk0\DR0\Partition1 - ok
10:51:50.0829 5180 [ 3399B501092ACD343184BE3409C26120 ] \Device\Harddisk1\DR1\Partition1
10:51:50.0829 5180 \Device\Harddisk1\DR1\Partition1 - ok
10:51:50.0829 5180 ============================================================
10:51:50.0829 5180 Scan finished
10:51:50.0829 5180 ============================================================
10:51:50.0892 2532 Detected object count: 1
10:51:50.0892 2532 Actual detected object count: 1
10:54:32.0783 2532 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:54:32.0783 2532 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
#13
Groovka
    Member
  • Topic Starter
  • 10 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 10:58:30
-----------------------------
10:58:30.439 OS Version: Windows 5.1.2600 Service Pack 2
10:58:30.439 Number of processors: 1 586 0x209
10:58:30.439 ComputerName: HOME-HV7662RNXZ UserName: Owner
10:59:14.845 Initialize success
10:59:43.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:59:43.220 Disk 0 Vendor: WDC_WD800BB-75CAA0 16.06V16 Size: 76293MB BusType: 3
10:59:43.236 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:59:43.236 Disk 1 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
10:59:43.251 Disk 0 MBR read successfully
10:59:43.251 Disk 0 MBR scan
10:59:43.251 Disk 0 Windows XP default MBR code
10:59:43.251 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
10:59:43.267 Disk 0 scanning sectors +156232125
10:59:43.345 Disk 0 scanning C:\WINDOWS\system32\drivers
10:59:52.095 Service scanning
10:59:57.954 Service kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
10:59:58.111 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
10:59:58.642 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
10:59:59.158 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
10:59:59.204 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 5
10:59:59.267 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 5
11:00:06.548 Modules scanning
11:00:18.751 Disk 0 trace - called modules:
11:00:18.767 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:00:18.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1b8ab8]
11:00:18.783 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a1ba2d0]
11:00:18.783 Scan finished successfully
11:00:31.595 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:00:31.626 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
#14
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#15
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo