Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

BITS & Automatic Update services uninstalled

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

BITS & Automatic Update services uninstalled

Unread postby kuboa » August 14th, 2012, 6:12 am

Due to links in Firefox taking a very long time to open, I have recently become engaged in a fairly complicated battle with my machine (Dell, 5-6 years old, Windows XP).

I quickly realized the problem was more than a browser hijack when (a) psychedelic music played randomly despite no audio program being in Task Manager; and (b) Microsoft Security Essentials wouldn't update, leading me to discover that both the BITS and Automatic Update services were being disabled and outright removed at boot.

I have been able to re-register DLLs and restart those services, but they don't stay so. Even after Security Essentials finally updated and found bad DLLs, and Spybot found something, too (sorry, names lost in shuffle), the services keep being killed off, and browsing is like mud (I thus uninstalled Spybot). Now explorer.exe is taking up 98% CPU cycles.

Since beginning my response, I have installed Windows XP SP 3 and upgraded to Firefox 14. After the Spybot seeming near-miss, I tried the a full scan by the free version of Spyware Terminator, which found (but not obviously quarantine?!) Trojan.Downloader.JS.Psyme.Ano. Alas, services mentioned above gone from even being listed in Computer Management again... submitted this report. Will uninstall Spyware Terminator.

Please advise. Any/ all help appreciated!

~Rob




DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Admin at 2:45:43 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
svchost.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 1983546703
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1983537141
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EA9DF2EB-A861-4BA4-B611-C0C5A79B9D99} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-2-23 32768]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-8-14 483024]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-25 30576]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-2-12 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 Normandy;Normandy SR2; [x]
S4 Kinetic Books License Service;Kinetic Books License Service;"c:\program files\common files\kinetic books shared\service\kineticbookslicenseservice.exe" --> c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [?]
.
=============== Created Last 30 ================
.
2012-08-14 07:58:16 -------- d-----w- c:\documents and settings\admin\application data\Spyware Terminator
2012-08-14 07:58:15 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
2012-08-14 07:55:01 -------- d-----w- c:\program files\Spyware Terminator
2012-08-13 19:38:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-13 19:38:56 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-13 07:40:55 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cc0b48e-259e-4217-805a-16531a7e61e2}\mpengine.dll
2012-08-13 07:38:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 07:00:30 9728 ------w- c:\windows\system32\rwnh.dll
2012-08-13 07:00:30 10752 ------w- c:\windows\system32\smtpapi.dll
2012-08-13 07:00:28 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2012-08-13 07:00:27 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2012-08-13 07:00:20 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2012-08-13 07:00:17 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2012-08-13 07:00:16 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2012-08-13 07:00:16 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2012-08-13 07:00:16 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2012-08-13 06:59:21 19569 ----a-w- c:\windows\000001_.tmp
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-08-13 05:30:39 -------- d-----w- c:\documents and settings\all users\application data\Windows Codecs
2012-08-13 05:30:26 -------- d-----w- c:\program files\Mega Codec Pack
.
==================== Find3M ====================
.
2012-08-13 19:38:31 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-10 21:49:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 21:49:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
1998-12-09 10:53:54 99840 -c--a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 10:53:54 70144 -c--a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 10:53:54 48640 -c--a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 10:53:54 31744 -c--a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 10:53:54 186368 -c--a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 10:53:54 17920 -c--a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 2:47:15.15 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 7/6/2006 5:23:11 PM
System Uptime: 8/14/2012 2:22:16 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 7.487 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 57 GiB total, 16.554 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart D110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: D110,192.168.1.122
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP569: 8/12/2012 3:51:25 PM - System Checkpoint
RP570: 8/12/2012 10:41:39 PM - Installed QuickTime
RP571: 8/13/2012 12:32:26 AM - Installed Windows XP KB2618444.
RP572: 8/13/2012 12:37:13 PM - Removed Java(TM) 6 Update 31
RP573: 8/13/2012 12:38:16 PM - Installed Java(TM) 6 Update 33
RP574: 8/13/2012 12:39:17 PM - Installed Java Runtime Environment
RP575: 8/13/2012 1:10:20 PM - Installed Microsoft Fix it 50102
RP576: 8/13/2012 4:03:30 PM - Installed Microsoft Fix it 50884
RP577: 8/14/2012 1:02:58 AM - Removed Microsoft Silverlight
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 8.0
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11
AiO_Scan
AOLIcon
Apple Application Support
Apple Software Update
Applian FLV Player
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CarbonPoker
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
Creative Jukebox Driver
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
CyberPower PowerPanel Personal Edition
D110
Dell Driver Reset Tool
Destinations
DeviceDiscovery
Doxillion Document Converter
DVD Decrypter (Remove Only)
ELIcon
Enterprise
FirstClass® Client
FormatFactory 2.80
Free M4a to MP3 Converter 5.9
Free RAR Extract Frog
Freecorder 5
Freecorder Toolbar
Full Tilt Poker
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GraphCalc v4.0.1
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Product Detection
HP PSC & Officejet 4.2 Corporate Edition
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPProductAssistant
HTC BMP USB Driver
HTC Driver Installer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java Auto Updater
Java(TM) 6 Update 33
Junk Mail filter update
Kyodai Mahjongg 2006 v1.21
MarketResearch
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MIT MathML Fonts 1.0
MixPad Audio Mixer
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.49
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Network
Oracle JInitiator 1.3.1.22
Oracle JInitiator 1.3.1.28
Papercut
PhotoStage Slideshow Producer
Poker Tracker Omaha Version 1.12.00
Poker Tracker Version 2.16.03d
PokerStove version 1.21
Prism Video File Converter
PS_AIO_07_D110_SW_Min
QFolder
QuickTime
QuickTransfer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung PC Studio for SGH-D807
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SigmaTel Audio
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spyware Terminator 2012
Status
Switch Sound File Converter
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
WavePad Sound Editor
WebFldrs XP
WebReg
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
8/14/2012 2:34:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/14/2012 12:55:52 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/14/2012 1:18:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/14/2012 1:08:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm Lbd MpFilter sp_rsdrv2 StarOpen
8/13/2012 4:28:37 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/13/2012 4:28:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/13/2012 4:22:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004002 Error description: No such interface supported
8/13/2012 3:47:26 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/13/2012 12:41:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/13/2012 12:40:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/12/2012 3:03:34 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800f0102: Security Update for Windows XP (KB2592799).
8/12/2012 11:47:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/12/2012 11:31:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/12/2012 11:19:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm Lbd MpFilter StarOpen
8/12/2012 11:18:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/12/2012 11:06:24 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
8/12/2012 11:06:24 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/12/2012 11:02:04 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 1:49:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'bnts.dll' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
8/11/2012 3:23:39 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0016763F6D3D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/10/2012 12:52:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
.
==== End Of File ===========================
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm
Advertisement
Register to Remove

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 15th, 2012, 11:25 am

checking your post - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 15th, 2012, 11:30 am

Hi kuboa,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 15th, 2012, 6:45 pm

1) OTL.txt:

OTL logfile created on: 8/15/2012 9:22:52 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.12% Memory free
2.58 Gb Paging File | 1.80 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 9.34 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 57.27 Gb Total Space | 16.55 Gb Free Space | 28.91% Space Free | Partition Type: NTFS

Computer Name: ROLARAUS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Admin\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Admin\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\Documents and Settings\All Users\Application Data\Windows Codecs\Data\hd19_module.dat ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Mega Codec Pack\Filters\Haali\mmfinfo.dll ()
MOD - C:\Program Files\Mega Codec Pack\Filters\Haali\mkunicode.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
MOD - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmgit.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Kinetic Books License Service) -- C:\Program Files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (ppped) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (tbhsd) -- system32\drivers\tbhsd.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Normandy) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?cl ... src=crm&q={searchTerms}&locale={locale.underscore}
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{34A4C194-D742-47C6-A26E-D34854917A6B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\SearchScopes\{FB48B168-84BB-CCE3-D32D-94102F37C5B0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z149&form=ZGAIDF&install_date=20111218&iesrc={referrer:source}
IE - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/20 11:30:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 01:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/13 12:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/20 11:30:32 | 000,000,000 | ---D | M]

[2008/08/28 18:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/07/06 11:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions
[2010/05/15 21:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/17 18:10:35 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2012/06/27 19:46:01 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/09 09:28:06 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\anttoolbar@ant.com
[2011/05/01 08:51:56 | 000,000,000 | ---D | M] (Dictionary) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\dictionary@adarsh.tp
[2012/07/06 11:07:01 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\extensions\donottrackplus@abine.com
[2009/12/07 20:27:55 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\searchplugins\askcom.xml
[2012/08/10 13:14:49 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gqczuag7.default\searchplugins\rollyo-1-188115.xml
[2012/08/13 12:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/13 12:39:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/07/19 08:26:27 | 000,097,169 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQCZUAG7.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/02/07 20:59:56 | 000,246,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQCZUAG7.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/02/22 23:00:09 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQCZUAG7.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011/12/17 18:17:19 | 000,061,854 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQCZUAG7.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012/08/13 12:38:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 20:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2005/04/05 04:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13122.dll
[2006/09/28 05:45:46 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13128.dll
[2007/02/03 11:39:19 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 20:59:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/13 14:18:24 | 000,443,264 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15251 more lines...
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O3 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\..\Toolbar\ShellBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 1983546703 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1983537141 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.28)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA9DF2EB-A861-4BA4-B611-C0C5A79B9D99}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Personal\Designs\Desktop\Prism Chip.BMP
O24 - Desktop BackupWallPaper: C:\Personal\Designs\Desktop\Prism Chip.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dcomager - (C:\WINDOWS\system32\dfrgnsvr.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 09:20:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/08/15 02:49:20 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/08/14 15:57:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012/08/14 06:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Malware
[2012/08/14 00:55:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2012/08/14 00:55:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/14 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012/08/13 12:38:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/13 12:38:56 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/13 12:38:54 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/13 12:38:54 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/13 12:38:54 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/13 00:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/13 00:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/13 00:00:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2012/08/13 00:00:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2012/08/13 00:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2012/08/12 22:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\FFOutput
[2012/08/12 22:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/08/12 22:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/08/12 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/08/12 22:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/08/12 22:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Codecs
[2012/08/12 22:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mega Codec Pack
[2012/07/22 10:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/07/22 10:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1998/12/09 03:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/09 03:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/09 03:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/09 03:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/09 03:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/09 03:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 09:27:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/15 09:20:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/08/15 09:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 08:49:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/15 03:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/08/15 02:49:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/15 02:49:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/15 02:49:21 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/08/14 22:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 17:06:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/14 16:56:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/14 16:56:22 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 13:05:54 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\spider.sav
[2012/08/13 14:18:24 | 000,443,264 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/13 12:38:33 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/13 12:38:33 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/13 12:38:33 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/13 12:38:33 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/13 12:38:31 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/13 12:38:31 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/13 02:06:32 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/13 02:05:16 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/08/13 01:46:24 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mudfuzza.lnk
[2012/08/13 01:46:24 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/13 00:41:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 00:38:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/12 22:32:39 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/08/12 22:32:19 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/08/12 01:25:25 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yer Mammy.lnk
[2012/08/11 20:45:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/08/11 20:45:09 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photostageDowngrade.job
[2012/08/11 15:17:54 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Best.lnk
[2012/07/22 10:11:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/16 21:54:26 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Shortcut to Personal.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 16:56:22 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/13 02:05:16 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/08/13 01:46:24 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mudfuzza.lnk
[2012/08/13 00:49:19 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/13 00:39:21 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/12 23:31:43 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/08/12 23:31:42 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/12 22:40:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/08/12 22:32:39 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/08/12 22:32:18 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/08/11 22:56:33 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\VLC media player.lnk
[2012/08/11 15:17:54 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Best.lnk
[2012/08/11 14:57:22 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/08/10 13:50:23 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photostageDowngrade.job
[2012/07/22 10:11:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/16 21:54:57 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Shortcut to Personal.lnk
[2012/02/23 19:26:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/02/15 21:59:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/25 12:37:56 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 20:04:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/20 20:04:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/20 20:04:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/20 20:04:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/20 20:04:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/18 17:10:03 | 000,016,420 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\lhjohf7i0pnb3slf3dkr6l000l3k
[2011/12/11 10:03:38 | 000,015,360 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kkkyie8v2dkr8ipq7ofa1g307g6b
[2011/11/20 11:18:58 | 000,206,918 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/11/20 11:18:58 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/03/27 19:27:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/26 17:08:45 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/10/09 12:53:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2008/08/20 14:05:59 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\Admin\jinitiator13128.trace
[2008/03/19 19:05:53 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/13 11:44:10 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\Admin\jinitiator13122.trace
[2007/09/01 15:41:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/10/03 12:45:13 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Admin\webct_upload_applet.properties
[2006/07/08 10:37:31 | 001,136,574 | ---- | C] () -- C:\Documents and Settings\Admin\Commingle.BMP

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB59126$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 12620 bytes -> C:\Documents and Settings\Admin\Commingle.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >




OTL Extras logfile created on: 8/15/2012 9:23:19 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.12% Memory free
2.58 Gb Paging File | 1.80 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.83 Gb Total Space | 9.34 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 57.27 Gb Total Space | 16.55 Gb Free Space | 28.91% Space Free | Partition Type: NTFS

Computer Name: ROLARAUS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2869279D-7AE2-4A13-96B8-46078BA3F75B}" = FirstClass® Client
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{293527DF-10C0-468F-9034-4615CEDD5698}" = Papercut
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6165536A-3F9D-46FF-8E4F-993DDB4C7DCD}" = CyberPower PowerPanel Personal Edition
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3CFD1BB-4ED2-4F3F-AD23-ACD12F21E62B}" = Samsung PC Studio for SGH-D807
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6E52B1B-9905-469A-B8CD-399FDFA98873}" = MIT MathML Fonts 1.0
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Illustrator 8.0" = Adobe Illustrator 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Applian FLV Player2.0.24" = Applian FLV Player
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"CSCLIB" = Canon Camera Support Core Library
"Doxillion" = Doxillion Document Converter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"FormatFactory" = FormatFactory 2.80
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9
"Free RAR Extract Frog" = Free RAR Extract Frog
"freecordertoolbar" = Freecorder Toolbar
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.21
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MixPad" = MixPad Audio Mixer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuVo Driver" = Creative Mass Storage Drivers
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStage" = PhotoStage Slideshow Producer
"PhotoStitch" = Canon Utilities PhotoStitch
"Poker Tracker Omaha Version 1.12.00_is1" = Poker Tracker Omaha Version 1.12.00
"Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d
"Prism" = Prism Video File Converter
"PROSet" = Intel(R) PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"VLC media player" = VLC media player 2.0.1
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-135093510-1491057928-3733135767-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2012 6:39:03 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 7:05:37 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 7:08:10 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 7:10:22 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 7:13:00 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 7:15:43 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 8:25:04 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 8:29:16 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 11:54:42 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/15/2012 11:55:47 AM | Computer Name = ROLARAUS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 8/15/2012 10:44:59 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:05:55 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:15:31 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:20:32 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:38:30 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:44:28 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 11:49:44 AM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 12:05:44 PM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 12:15:53 PM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/15/2012 12:25:22 PM | Computer Name = ROLARAUS | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >




3) GMER results (run in Safe Mode):

Ended with a popup reading: "WARNING!!! GMER has found system modification caused by ROOTKIT activity." I clicked OK.

The direction 'When completed, click on the Copy button', however, could not be followed because I could find no Copy button on the Rootkit/ Malware tab (because I am in Safe Mode, I cannot reset Display properties to see where this button is, but I doubt it's even on that tab). If I am not in error, please consider editing the instruction for future victims.

Meanwhile, thank you!

~Rob
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 15th, 2012, 7:03 pm

Hi kuboa,

Rootkit Warning
Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...


We can attempt to clean this machine but we will not guarantee that it won't still be compromised, afterwards.
Please let me know how you wish to proceed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 15th, 2012, 8:13 pm

I would like to at least attempt to clean this machine. I will take the other precautions.

Thank you.
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 16th, 2012, 8:11 am

Hi kuboa,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 16th, 2012, 12:41 pm

>> Browsing already seems quicker!

09:33:31.0459 0444 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
09:33:32.0381 0444 ============================================================
09:33:32.0381 0444 Current date / time: 2012/08/16 09:33:32.0381
09:33:32.0381 0444 SystemInfo:
09:33:32.0381 0444
09:33:32.0381 0444 OS Version: 5.1.2600 ServicePack: 3.0
09:33:32.0381 0444 Product type: Workstation
09:33:32.0381 0444 ComputerName: ROLARAUS
09:33:32.0381 0444 UserName: Admin
09:33:32.0381 0444 Windows directory: C:\WINDOWS
09:33:32.0381 0444 System windows directory: C:\WINDOWS
09:33:32.0381 0444 Processor architecture: Intel x86
09:33:32.0381 0444 Number of processors: 1
09:33:32.0381 0444 Page size: 0x1000
09:33:32.0381 0444 Boot type: Normal boot
09:33:32.0381 0444 ============================================================
09:33:34.0678 0444 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:33:34.0693 0444 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:33:34.0709 0444 ============================================================
09:33:34.0709 0444 \Device\Harddisk0\DR0:
09:33:34.0709 0444 MBR partitions:
09:33:34.0709 0444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7289BF5
09:33:34.0709 0444 \Device\Harddisk1\DR1:
09:33:34.0709 0444 MBR partitions:
09:33:34.0709 0444 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x7D82, BlocksNum 0x8BAA09C
09:33:34.0709 0444 ============================================================
09:33:34.0740 0444 C: <-> \Device\Harddisk1\DR1\Partition1
09:33:34.0756 0444 E: <-> \Device\Harddisk0\DR0\Partition1
09:33:34.0756 0444 ============================================================
09:33:34.0756 0444 Initialize success
09:33:34.0756 0444 ============================================================
09:33:42.0178 2564 ============================================================
09:33:42.0178 2564 Scan started
09:33:42.0178 2564 Mode: Manual;
09:33:42.0178 2564 ============================================================
09:33:43.0318 2564 ================ Scan services =============================
09:33:43.0506 2564 Abiosdsk - ok
09:33:43.0553 2564 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:33:43.0553 2564 abp480n5 - ok
09:33:43.0584 2564 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:33:43.0584 2564 ACPI - ok
09:33:43.0615 2564 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:33:43.0631 2564 ACPIEC - ok
09:33:43.0740 2564 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:33:43.0756 2564 AdobeFlashPlayerUpdateSvc - ok
09:33:43.0787 2564 [ 9a11864873da202c996558b2106b0bbc ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:33:43.0787 2564 adpu160m - ok
09:33:43.0865 2564 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:33:43.0881 2564 aec - ok
09:33:43.0912 2564 [ 355556d9e580915118cd7ef736653a89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:33:43.0943 2564 AFD - ok
09:33:44.0006 2564 [ 08fd04aa961bdc77fb983f328334e3d7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:33:44.0021 2564 agp440 - ok
09:33:44.0053 2564 [ 03a7e0922acfe1b07d5db2eeb0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:33:44.0053 2564 agpCPQ - ok
09:33:44.0084 2564 [ c23ea9b5f46c7f7910db3eab648ff013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:33:44.0115 2564 Aha154x - ok
09:33:44.0131 2564 [ 19dd0fb48b0c18892f70e2e7d61a1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:33:44.0131 2564 aic78u2 - ok
09:33:44.0131 2564 [ b7fe594a7468aa0132deb03fb8e34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:33:44.0146 2564 aic78xx - ok
09:33:44.0162 2564 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:33:44.0193 2564 Alerter - ok
09:33:44.0224 2564 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
09:33:44.0224 2564 ALG - ok
09:33:44.0256 2564 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:33:44.0256 2564 AliIde - ok
09:33:44.0271 2564 [ cb08aed0de2dd889a8a820cd8082d83c ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:33:44.0271 2564 alim1541 - ok
09:33:44.0271 2564 [ 95b4fb835e28aa1336ceeb07fd5b9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:33:44.0271 2564 amdagp - ok
09:33:44.0303 2564 [ 79f5add8d24bd6893f2903a3e2f3fad6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:33:44.0303 2564 amsint - ok
09:33:44.0381 2564 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:33:44.0381 2564 AppMgmt - ok
09:33:44.0412 2564 [ 62d318e9a0c8fc9b780008e724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:33:44.0412 2564 asc - ok
09:33:44.0428 2564 [ 69eb0cc7714b32896ccbfd5edcbea447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:33:44.0459 2564 asc3350p - ok
09:33:44.0490 2564 [ 5d8de112aa0254b907861e9e9c31d597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:33:44.0490 2564 asc3550 - ok
09:33:44.0724 2564 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:33:44.0881 2564 aspnet_state - ok
09:33:44.0928 2564 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:33:44.0959 2564 AsyncMac - ok
09:33:44.0990 2564 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:33:44.0990 2564 atapi - ok
09:33:44.0990 2564 Atdisk - ok
09:33:45.0037 2564 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:33:45.0037 2564 Atmarpc - ok
09:33:45.0068 2564 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:33:45.0084 2564 AudioSrv - ok
09:33:45.0099 2564 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:33:45.0099 2564 audstub - ok
09:33:45.0115 2564 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:33:45.0115 2564 Beep - ok
09:33:45.0146 2564 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
09:33:45.0146 2564 Browser - ok
09:33:45.0271 2564 catchme - ok
09:33:45.0318 2564 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:33:45.0318 2564 cbidf - ok
09:33:45.0318 2564 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:33:45.0318 2564 cbidf2k - ok
09:33:45.0443 2564 [ 8ef654045e518ac00e52e7a1e2d3ad70 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
09:33:45.0443 2564 CCALib8 - ok
09:33:45.0490 2564 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:33:45.0490 2564 CCDECODE - ok
09:33:45.0521 2564 [ f3ec03299634490e97bbce94cd2954c7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:33:45.0521 2564 cd20xrnt - ok
09:33:45.0537 2564 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:33:45.0537 2564 Cdaudio - ok
09:33:45.0568 2564 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:33:45.0568 2564 Cdfs - ok
09:33:45.0615 2564 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:33:45.0615 2564 Cdrom - ok
09:33:45.0615 2564 Changer - ok
09:33:45.0646 2564 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:33:45.0662 2564 CiSvc - ok
09:33:45.0693 2564 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:33:45.0709 2564 ClipSrv - ok
09:33:45.0756 2564 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:33:45.0865 2564 clr_optimization_v2.0.50727_32 - ok
09:33:45.0881 2564 [ e5dcb56c533014ecbc556a8357c929d5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:33:45.0881 2564 CmdIde - ok
09:33:45.0896 2564 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:33:45.0896 2564 Compbatt - ok
09:33:45.0912 2564 COMSysApp - ok
09:33:45.0943 2564 [ 3ee529119eed34cd212a215e8c40d4b6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:33:45.0943 2564 Cpqarray - ok
09:33:46.0006 2564 [ 7db5e3f44d797bd38b8e336ccc2e49d5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
09:33:46.0006 2564 Creative Labs Licensing Service - ok
09:33:46.0037 2564 [ 3c8b6609712f4ff78e521f6dcfc4032b ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
09:33:46.0053 2564 Creative Service for CDROM Access - ok
09:33:46.0068 2564 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:33:46.0068 2564 CryptSvc - ok
09:33:46.0115 2564 [ 8db84de3aab34a8b4c2f644eff41cd76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
09:33:46.0115 2564 ctsfm2k - ok
09:33:46.0131 2564 [ 4ee8822adb764edd28ce44e808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
09:33:46.0131 2564 CTUSFSYN - ok
09:33:46.0146 2564 [ e550e7418984b65a78299d248f0a7f36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:33:46.0146 2564 dac2w2k - ok
09:33:46.0162 2564 [ 683789caa3864eb46125ae86ff677d34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:33:46.0162 2564 dac960nt - ok
09:33:46.0193 2564 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:33:46.0209 2564 DcomLaunch - ok
09:33:46.0240 2564 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:33:46.0240 2564 Dhcp - ok
09:33:46.0271 2564 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:33:46.0271 2564 Disk - ok
09:33:46.0318 2564 [ e2d0de31442390c35e3163c87cb6a9eb ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:33:46.0365 2564 DLABOIOM - ok
09:33:46.0381 2564 [ d979bebcf7edcc9c9ee1857d1a68c67b ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:33:46.0381 2564 DLACDBHM - ok
09:33:46.0396 2564 [ 83545593e297f50a8e2524b4c071a153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
09:33:46.0428 2564 DLADResN - ok
09:33:46.0443 2564 [ 96e01d901cdc98c7817155cc057001bf ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:33:46.0553 2564 DLAIFS_M - ok
09:33:46.0568 2564 [ 0a60a39cc5e767980a31ca5d7238dfa9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:33:46.0631 2564 DLAOPIOM - ok
09:33:46.0646 2564 [ 9fe2b72558fc808357f427fd83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:33:46.0662 2564 DLAPoolM - ok
09:33:46.0678 2564 [ 7ee0852ae8907689df25049dcd2342e8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:33:46.0678 2564 DLARTL_N - ok
09:33:46.0693 2564 [ f08e1dafac457893399e03430a6a1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:33:46.0740 2564 DLAUDFAM - ok
09:33:46.0756 2564 [ e7d105ed1e694449d444a9933df8e060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:33:46.0803 2564 DLAUDF_M - ok
09:33:46.0803 2564 dmadmin - ok
09:33:46.0849 2564 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:33:46.0865 2564 dmboot - ok
09:33:46.0881 2564 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:33:46.0881 2564 dmio - ok
09:33:46.0912 2564 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:33:46.0912 2564 dmload - ok
09:33:46.0959 2564 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:33:46.0959 2564 dmserver - ok
09:33:46.0974 2564 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:33:46.0974 2564 DMusic - ok
09:33:47.0006 2564 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:33:47.0006 2564 Dnscache - ok
09:33:47.0053 2564 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:33:47.0053 2564 Dot3svc - ok
09:33:47.0068 2564 [ 40f3b93b4e5b0126f2f5c0a7a5e22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:33:47.0068 2564 dpti2o - ok
09:33:47.0099 2564 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:33:47.0099 2564 drmkaud - ok
09:33:47.0115 2564 [ fd0f95981fef9073659d8ec58e40aa3c ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:33:47.0115 2564 DRVMCDB - ok
09:33:47.0131 2564 [ b4869d320428cdc5ec4d7f5e808e99b5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:33:47.0131 2564 DRVNDDM - ok
09:33:47.0162 2564 [ 95974e66d3de4951d29e28e8bc0b644c ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:33:47.0178 2564 E100B - ok
09:33:47.0209 2564 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:33:47.0209 2564 EapHost - ok
09:33:47.0271 2564 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
09:33:47.0271 2564 ehRecvr - ok
09:33:47.0318 2564 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
09:33:47.0318 2564 ehSched - ok
09:33:47.0334 2564 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:33:47.0334 2564 ERSvc - ok
09:33:47.0365 2564 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:33:47.0381 2564 Eventlog - ok
09:33:47.0412 2564 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
09:33:47.0412 2564 EventSystem - ok
09:33:47.0428 2564 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:33:47.0428 2564 Fastfat - ok
09:33:47.0474 2564 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:33:47.0490 2564 FastUserSwitchingCompatibility - ok
09:33:47.0521 2564 [ e97d6a8684466df94ff3bc24fb787a07 ] Fax C:\WINDOWS\system32\fxssvc.exe
09:33:47.0521 2564 Fax - ok
09:33:47.0568 2564 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:33:47.0584 2564 Fdc - ok
09:33:47.0615 2564 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:33:47.0615 2564 Fips - ok
09:33:47.0631 2564 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:33:47.0646 2564 Flpydisk - ok
09:33:47.0678 2564 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:33:47.0678 2564 FltMgr - ok
09:33:47.0756 2564 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:33:47.0771 2564 FontCache3.0.0.0 - ok
09:33:47.0803 2564 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:33:47.0803 2564 Fs_Rec - ok
09:33:47.0834 2564 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:33:47.0834 2564 Ftdisk - ok
09:33:47.0865 2564 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:33:47.0881 2564 Gpc - ok
09:33:48.0568 2564 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:33:48.0568 2564 gupdate - ok
09:33:48.0584 2564 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:33:48.0584 2564 gupdatem - ok
09:33:48.0615 2564 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:33:48.0631 2564 gusvc - ok
09:33:48.0662 2564 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:33:48.0662 2564 HDAudBus - ok
09:33:48.0740 2564 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:33:48.0740 2564 helpsvc - ok
09:33:48.0771 2564 [ 748031ff4fe45ccc47546294905feab8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
09:33:48.0771 2564 HidBatt - ok
09:33:48.0787 2564 HidServ - ok
09:33:48.0818 2564 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:33:48.0818 2564 HidUsb - ok
09:33:48.0865 2564 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:33:48.0865 2564 hkmsvc - ok
09:33:48.0912 2564 [ b028377dea0546a5fcfba928a8aefae0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:33:48.0912 2564 hpn - ok
09:33:48.0990 2564 [ 5da42d24712e00728cea2342a65009b2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:33:49.0006 2564 hpqcxs08 - ok
09:33:49.0037 2564 [ d86a39bf100069444d026d22d9a6e555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:33:49.0037 2564 hpqddsvc - ok
09:33:49.0084 2564 [ a04f4ac48895774a2cf9d1c9eaaacef0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
09:33:49.0099 2564 HPSLPSVC - ok
09:33:49.0131 2564 [ 5faba4775d4c61e55ec669d643ffc71f ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:33:49.0131 2564 HPZid412 - ok
09:33:49.0162 2564 [ a3c43980ee1f1beac778b44ea65dbdd4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:33:49.0162 2564 HPZipr12 - ok
09:33:49.0209 2564 [ 2906949bd4e206f2bb0dd1896ce9f66f ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:33:49.0209 2564 HPZius12 - ok
09:33:49.0240 2564 [ 77e4ff0b73bc0aeaaf39bf0c8104231f ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:33:49.0256 2564 HSFHWBS2 - ok
09:33:49.0318 2564 [ 60e1604729a15ef4a3b05f298427b3b1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:33:49.0334 2564 HSF_DP - ok
09:33:49.0365 2564 [ cbd09ed9cf6822177ee85aea4d8816a2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
09:33:49.0381 2564 HTCAND32 - ok
09:33:49.0428 2564 [ 04e3b3554076b8192a668efe88a682a1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
09:33:49.0428 2564 htcnprot - ok
09:33:49.0459 2564 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:33:49.0474 2564 HTTP - ok
09:33:49.0506 2564 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:33:49.0506 2564 HTTPFilter - ok
09:33:49.0553 2564 [ 9368670bd426ebea5e8b18a62416ec28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:33:49.0553 2564 i2omgmt - ok
09:33:49.0584 2564 [ f10863bf1ccc290babd1a09188ae49e0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:33:49.0584 2564 i2omp - ok
09:33:49.0584 2564 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:33:49.0584 2564 i8042prt - ok
09:33:49.0646 2564 [ 5a8e05f1d5c36abd58cffa111eb325ea ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:33:49.0662 2564 ialm - ok
09:33:49.0740 2564 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:33:49.0771 2564 idsvc - ok
09:33:49.0818 2564 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:33:49.0818 2564 Imapi - ok
09:33:49.0865 2564 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:33:49.0865 2564 ImapiService - ok
09:33:49.0896 2564 [ 4a40e045faee58631fd8d91afc620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:33:49.0896 2564 ini910u - ok
09:33:49.0928 2564 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:33:49.0928 2564 IntelIde - ok
09:33:49.0943 2564 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:33:49.0943 2564 intelppm - ok
09:33:49.0974 2564 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:33:49.0990 2564 Ip6Fw - ok
09:33:50.0006 2564 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:33:50.0006 2564 IpFilterDriver - ok
09:33:50.0053 2564 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:33:50.0068 2564 IpInIp - ok
09:33:50.0115 2564 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:33:50.0115 2564 IpNat - ok
09:33:50.0131 2564 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:33:50.0131 2564 IPSec - ok
09:33:50.0162 2564 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:33:50.0162 2564 IRENUM - ok
09:33:50.0209 2564 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:33:50.0209 2564 isapnp - ok
09:33:50.0303 2564 [ 28e8a9984ba1297efe44b6138d2ca51e ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:33:50.0303 2564 JavaQuickStarterService - ok
09:33:50.0334 2564 [ 6c24d3878f44c271d94ea6cab1acd739 ] Jukebox3 C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
09:33:50.0349 2564 Jukebox3 - ok
09:33:50.0381 2564 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:33:50.0381 2564 Kbdclass - ok
09:33:50.0396 2564 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:33:50.0396 2564 kbdhid - ok
09:33:50.0412 2564 Kinetic Books License Service - ok
09:33:50.0443 2564 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:33:50.0443 2564 kmixer - ok
09:33:50.0474 2564 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:33:50.0474 2564 KSecDD - ok
09:33:50.0506 2564 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:33:50.0506 2564 lanmanserver - ok
09:33:50.0537 2564 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:33:50.0537 2564 lanmanworkstation - ok
09:33:50.0537 2564 Lavasoft Kernexplorer - ok
09:33:50.0553 2564 Lbd - ok
09:33:50.0553 2564 lbrtfdc - ok
09:33:50.0584 2564 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:33:50.0584 2564 LmHosts - ok
09:33:50.0631 2564 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
09:33:50.0631 2564 McrdSvc - ok
09:33:50.0646 2564 [ eeaea6514ba7c9d273b5e87c4e1aab30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:33:50.0646 2564 mdmxsdk - ok
09:33:50.0678 2564 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:33:50.0693 2564 Messenger - ok
09:33:50.0724 2564 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
09:33:50.0724 2564 MHN - ok
09:33:50.0756 2564 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:33:50.0756 2564 MHNDRV - ok
09:33:50.0771 2564 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:33:50.0771 2564 mnmdd - ok
09:33:50.0818 2564 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:33:50.0818 2564 mnmsrvc - ok
09:33:50.0849 2564 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:33:50.0865 2564 Modem - ok
09:33:50.0881 2564 [ 1992e0d143b09653ab0f9c5e04b0fd65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:33:50.0896 2564 MODEMCSA - ok
09:33:50.0896 2564 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:33:50.0912 2564 Mouclass - ok
09:33:50.0959 2564 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:33:50.0959 2564 mouhid - ok
09:33:50.0974 2564 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:33:50.0974 2564 MountMgr - ok
09:33:51.0037 2564 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:33:51.0037 2564 MozillaMaintenance - ok
09:33:51.0068 2564 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:33:51.0084 2564 MpFilter - ok
09:33:51.0178 2564 [ a69630d039c38018689190234f866d77 ] MpKsle3c78dd4 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CC0B48E-259E-4217-805A-16531A7E61E2}\MpKsle3c78dd4.sys
09:33:51.0178 2564 MpKsle3c78dd4 - ok
09:33:51.0209 2564 [ 3f4bb95e5a44f3be34824e8e7caf0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:33:51.0209 2564 mraid35x - ok
09:33:51.0224 2564 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:33:51.0240 2564 MRxDAV - ok
09:33:51.0271 2564 [ 6542397110b9528c3f8e539dc8458148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:33:51.0287 2564 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 6542397110b9528c3f8e539dc8458148, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
09:33:51.0287 2564 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
09:33:51.0287 2564 MRxSmb - detected Virus.Win32.ZAccess.k (0)
09:33:51.0334 2564 [ b03e3f64b70f8031e65eb26da23de91a ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
09:33:51.0334 2564 MSCamSvc - ok
09:33:51.0365 2564 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:33:51.0365 2564 MSDTC - ok
09:33:51.0381 2564 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:33:51.0381 2564 Msfs - ok
09:33:51.0412 2564 [ 7a0f9cbdbdb135113b9a3c138e20c85d ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
09:33:51.0412 2564 MSHUSBVideo - ok
09:33:51.0428 2564 MSIServer - ok
09:33:51.0459 2564 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:33:51.0459 2564 MSKSSRV - ok
09:33:51.0506 2564 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:33:51.0506 2564 MsMpSvc - ok
09:33:51.0537 2564 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:33:51.0537 2564 MSPCLOCK - ok
09:33:51.0553 2564 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:33:51.0553 2564 MSPQM - ok
09:33:51.0584 2564 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:33:51.0584 2564 mssmbios - ok
09:33:51.0631 2564 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:33:51.0631 2564 MSTEE - ok
09:33:51.0662 2564 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:33:51.0662 2564 Mup - ok
09:33:51.0709 2564 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:33:51.0709 2564 NABTSFEC - ok
09:33:51.0771 2564 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:33:51.0771 2564 napagent - ok
09:33:51.0787 2564 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:33:51.0787 2564 NDIS - ok
09:33:51.0849 2564 [ b797ee2ef919c95561dee78b72b33e5b ] ndiscm C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
09:33:51.0849 2564 ndiscm - ok
09:33:51.0896 2564 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:33:51.0896 2564 NdisIP - ok
09:33:51.0943 2564 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:33:51.0943 2564 NdisTapi - ok
09:33:51.0959 2564 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:33:51.0959 2564 Ndisuio - ok
09:33:51.0974 2564 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:33:51.0974 2564 NdisWan - ok
09:33:51.0990 2564 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:33:51.0990 2564 NDProxy - ok
09:33:52.0021 2564 [ a081cb6fb9a12668f233eb5414be3a0e ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:33:52.0021 2564 Net Driver HPZ12 - ok
09:33:52.0037 2564 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:33:52.0037 2564 NetBIOS - ok
09:33:52.0068 2564 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:33:52.0068 2564 NetBT - ok
09:33:52.0115 2564 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
09:33:52.0115 2564 NetDDE - ok
09:33:52.0131 2564 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:33:52.0131 2564 NetDDEdsdm - ok
09:33:52.0162 2564 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:33:52.0162 2564 Netlogon - ok
09:33:52.0193 2564 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
09:33:52.0193 2564 Netman - ok
09:33:52.0318 2564 [ 9da26b773bd04b867a8e9f427cd048fc ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
09:33:52.0631 2564 NetSvc - ok
09:33:52.0662 2564 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:33:52.0678 2564 NetTcpPortSharing - ok
09:33:52.0709 2564 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:33:52.0709 2564 Nla - ok
09:33:52.0724 2564 Normandy - ok
09:33:52.0756 2564 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:33:52.0756 2564 Npfs - ok
09:33:52.0787 2564 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:33:52.0803 2564 Ntfs - ok
09:33:52.0803 2564 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:33:52.0818 2564 NtLmSsp - ok
09:33:52.0865 2564 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:33:52.0881 2564 NtmsSvc - ok
09:33:52.0896 2564 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
09:33:52.0896 2564 Null - ok
09:33:52.0990 2564 [ 2b298519edbfcf451d43e0f1e8f1006d ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:33:53.0037 2564 nv - ok
09:33:53.0068 2564 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:33:53.0068 2564 NwlnkFlt - ok
09:33:53.0084 2564 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:33:53.0084 2564 NwlnkFwd - ok
09:33:53.0115 2564 [ 103a9b117a7d9903111955cdafe65ac6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
09:33:53.0115 2564 ossrv - ok
09:33:53.0162 2564 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:33:53.0162 2564 Parport - ok
09:33:53.0193 2564 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:33:53.0209 2564 PartMgr - ok
09:33:53.0240 2564 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:33:53.0240 2564 ParVdm - ok
09:33:53.0287 2564 [ 39b9dcd7040654c2e57d7396736c718e ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
09:33:53.0287 2564 PassThru Service - ok
09:33:53.0318 2564 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:33:53.0318 2564 PCI - ok
09:33:53.0334 2564 PCIDump - ok
09:33:53.0349 2564 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:33:53.0349 2564 PCIIde - ok
09:33:53.0412 2564 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:33:53.0412 2564 Pcmcia - ok
09:33:53.0428 2564 PDCOMP - ok
09:33:53.0428 2564 PDFRAME - ok
09:33:53.0443 2564 PDRELI - ok
09:33:53.0443 2564 PDRFRAME - ok
09:33:53.0490 2564 [ 6c14b9c19ba84f73d3a86dba11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:33:53.0490 2564 perc2 - ok
09:33:53.0506 2564 [ f50f7c27f131afe7beba13e14a3b9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:33:53.0506 2564 perc2hib - ok
09:33:53.0537 2564 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:33:53.0537 2564 PlugPlay - ok
09:33:53.0568 2564 [ 65bc271f337637731d3c71455ae1f476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
09:33:53.0568 2564 Pml Driver HPZ12 - ok
09:33:53.0584 2564 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:33:53.0584 2564 PolicyAgent - ok
09:33:53.0615 2564 [ 3adfecb5ce0b7196282f0c0da695b508 ] ppped C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
09:33:53.0631 2564 ppped - ok
09:33:53.0662 2564 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:33:53.0662 2564 PptpMiniport - ok
09:33:53.0662 2564 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:33:53.0678 2564 ProtectedStorage - ok
09:33:53.0678 2564 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:33:53.0678 2564 PSched - ok
09:33:53.0709 2564 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:33:53.0709 2564 Ptilink - ok
09:33:53.0740 2564 [ e42e3433dbb4cffe8fdd91eab29aea8e ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:33:53.0740 2564 PxHelp20 - ok
09:33:53.0756 2564 [ 0a63fb54039eb5662433caba3b26dba7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:33:53.0756 2564 ql1080 - ok
09:33:53.0771 2564 [ 6503449e1d43a0ff0201ad5cb1b8c706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:33:53.0771 2564 Ql10wnt - ok
09:33:53.0787 2564 [ 156ed0ef20c15114ca097a34a30d8a01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:33:53.0787 2564 ql12160 - ok
09:33:53.0803 2564 [ 70f016bebde6d29e864c1230a07cc5e6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:33:53.0818 2564 ql1240 - ok
09:33:53.0818 2564 [ 907f0aeea6bc451011611e732bd31fcf ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:33:53.0818 2564 ql1280 - ok
09:33:53.0834 2564 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:33:53.0834 2564 RasAcd - ok
09:33:53.0881 2564 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:33:53.0881 2564 RasAuto - ok
09:33:53.0912 2564 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:33:53.0912 2564 Rasl2tp - ok
09:33:53.0959 2564 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:33:53.0959 2564 RasMan - ok
09:33:53.0974 2564 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:33:53.0974 2564 RasPppoe - ok
09:33:53.0974 2564 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:33:53.0974 2564 Raspti - ok
09:33:54.0021 2564 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:33:54.0021 2564 Rdbss - ok
09:33:54.0037 2564 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:33:54.0037 2564 RDPCDD - ok
09:33:54.0053 2564 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:33:54.0068 2564 rdpdr - ok
09:33:54.0099 2564 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:33:54.0115 2564 RDPWD - ok
09:33:54.0131 2564 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:33:54.0131 2564 RDSessMgr - ok
09:33:54.0178 2564 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:33:54.0178 2564 redbook - ok
09:33:54.0224 2564 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:33:54.0224 2564 RemoteAccess - ok
09:33:54.0271 2564 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:33:54.0271 2564 RemoteRegistry - ok
09:33:54.0334 2564 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
09:33:54.0334 2564 RpcLocator - ok
09:33:54.0381 2564 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:33:54.0381 2564 RpcSs - ok
09:33:54.0443 2564 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:33:54.0443 2564 RSVP - ok
09:33:54.0490 2564 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:33:54.0490 2564 SamSs - ok
09:33:54.0537 2564 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:33:54.0537 2564 SCardSvr - ok
09:33:54.0584 2564 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:33:54.0584 2564 Schedule - ok
09:33:54.0646 2564 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:33:54.0646 2564 Secdrv - ok
09:33:54.0678 2564 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:33:54.0678 2564 seclogon - ok
09:33:54.0709 2564 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
09:33:54.0724 2564 SENS - ok
09:33:54.0756 2564 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:33:54.0756 2564 serenum - ok
09:33:54.0787 2564 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:33:54.0787 2564 Serial - ok
09:33:54.0834 2564 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:33:54.0834 2564 Sfloppy - ok
09:33:54.0865 2564 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:33:54.0865 2564 SharedAccess - ok
09:33:54.0896 2564 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:33:54.0896 2564 ShellHWDetection - ok
09:33:54.0959 2564 [ 6bd3976b881888ac9a0ed3eb94e7fd38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
09:33:54.0990 2564 sigfilt - ok
09:33:54.0990 2564 Simbad - ok
09:33:55.0021 2564 [ 6b33d0ebd30db32e27d1d78fe946a754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:33:55.0021 2564 sisagp - ok
09:33:55.0053 2564 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:33:55.0068 2564 SkypeUpdate - ok
09:33:55.0115 2564 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:33:55.0115 2564 SLIP - ok
09:33:55.0146 2564 [ 83c0f71f86d3bdaf915685f3d568b20e ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:33:55.0162 2564 Sparrow - ok
09:33:55.0193 2564 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:33:55.0193 2564 splitter - ok
09:33:55.0224 2564 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:33:55.0224 2564 Spooler - ok
09:33:55.0240 2564 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:33:55.0240 2564 sr - ok
09:33:55.0271 2564 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:33:55.0287 2564 srservice - ok
09:33:55.0318 2564 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:33:55.0318 2564 Srv - ok
09:33:55.0349 2564 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:33:55.0349 2564 SSDPSRV - ok
09:33:55.0381 2564 [ 306521935042fc0a6988d528643619b3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
09:33:55.0381 2564 StarOpen - ok
09:33:55.0396 2564 [ b95480c92c4c9c311be47b8a1ad73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
09:33:55.0412 2564 STHDA - ok
09:33:55.0428 2564 [ a9573045baa16eab9b1085205b82f1ed ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
09:33:55.0443 2564 StillCam - ok
09:33:55.0474 2564 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:33:55.0474 2564 stisvc - ok
09:33:55.0506 2564 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:33:55.0521 2564 streamip - ok
09:33:55.0553 2564 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:33:55.0553 2564 swenum - ok
09:33:55.0584 2564 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:33:55.0584 2564 swmidi - ok
09:33:55.0599 2564 SwPrv - ok
09:33:55.0615 2564 [ 1ff3217614018630d0a6758630fc698c ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:33:55.0615 2564 symc810 - ok
09:33:55.0631 2564 [ 070e001d95cf725186ef8b20335f933c ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:33:55.0631 2564 symc8xx - ok
09:33:55.0662 2564 [ 80ac1c4abbe2df3b738bf15517a51f2c ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:33:55.0678 2564 sym_hi - ok
09:33:55.0678 2564 [ bf4fab949a382a8e105f46ebb4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:33:55.0678 2564 sym_u3 - ok
09:33:55.0693 2564 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:33:55.0709 2564 sysaudio - ok
09:33:55.0740 2564 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:33:55.0740 2564 SysmonLog - ok
09:33:55.0787 2564 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:33:55.0787 2564 TapiSrv - ok
09:33:55.0803 2564 tbhsd - ok
09:33:55.0834 2564 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:33:55.0849 2564 Tcpip - ok
09:33:55.0881 2564 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:33:55.0881 2564 TDPIPE - ok
09:33:55.0943 2564 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:33:55.0943 2564 TDTCP - ok
09:33:55.0990 2564 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:33:55.0990 2564 TermDD - ok
09:33:56.0037 2564 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
09:33:56.0037 2564 TermService - ok
09:33:56.0068 2564 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
09:33:56.0068 2564 Themes - ok
09:33:56.0099 2564 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:33:56.0115 2564 TlntSvr - ok
09:33:56.0146 2564 [ f2790f6af01321b172aa62f8e1e187d9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:33:56.0146 2564 TosIde - ok
09:33:56.0162 2564 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:33:56.0178 2564 TrkWks - ok
09:33:56.0209 2564 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:33:56.0224 2564 Udfs - ok
09:33:56.0256 2564 [ 1b698a51cd528d8da4ffaed66dfc51b9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:33:56.0256 2564 ultra - ok
09:33:56.0303 2564 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:33:56.0303 2564 Update - ok
09:33:56.0365 2564 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:33:56.0365 2564 upnphost - ok
09:33:56.0428 2564 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
09:33:56.0428 2564 UPS - ok
09:33:56.0474 2564 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
09:33:56.0490 2564 usbaudio - ok
09:33:56.0506 2564 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:33:56.0506 2564 usbccgp - ok
09:33:56.0537 2564 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:33:56.0537 2564 usbehci - ok
09:33:56.0568 2564 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:33:56.0568 2564 usbhub - ok
09:33:56.0615 2564 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:33:56.0615 2564 usbprint - ok
09:33:56.0662 2564 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:33:56.0662 2564 usbscan - ok
09:33:56.0709 2564 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:33:56.0709 2564 USBSTOR - ok
09:33:56.0724 2564 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:33:56.0724 2564 usbuhci - ok
09:33:56.0756 2564 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
09:33:56.0756 2564 usbvideo - ok
09:33:56.0787 2564 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:33:56.0787 2564 VgaSave - ok
09:33:56.0803 2564 [ 754292ce5848b3738281b4f3607eaef4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:33:56.0818 2564 viaagp - ok
09:33:56.0834 2564 [ 3b3efcda263b8ac14fdf9cbdd0791b2e ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:33:56.0849 2564 ViaIde - ok
09:33:56.0849 2564 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:33:56.0849 2564 VolSnap - ok
09:33:56.0896 2564 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
09:33:56.0912 2564 VSS - ok
09:33:56.0943 2564 [ 54af4b1d5459500ef0937f6d33b1914f ] w32time C:\WINDOWS\system32\w32time.dll
09:33:56.0959 2564 w32time - ok
09:33:56.0990 2564 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:33:56.0990 2564 Wanarp - ok
09:33:56.0990 2564 wanatw - ok
09:33:57.0037 2564 [ 4769596d7cc0f5fa447d2babc239672a ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
09:33:57.0053 2564 Wdf01000 - ok
09:33:57.0053 2564 WDICA - ok
09:33:57.0084 2564 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:33:57.0084 2564 wdmaud - ok
09:33:57.0115 2564 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:33:57.0115 2564 WebClient - ok
09:33:57.0162 2564 [ f59ed5a43b988a18ef582bb07b2327a7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:33:57.0178 2564 winachsf - ok
09:33:57.0256 2564 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:33:57.0256 2564 winmgmt - ok
09:33:57.0381 2564 [ 5144ae67d60ec653f97ddf3feed29e77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:33:57.0412 2564 wlidsvc - ok
09:33:57.0443 2564 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:33:57.0443 2564 WmdmPmSN - ok
09:33:57.0506 2564 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:33:57.0521 2564 Wmi - ok
09:33:57.0568 2564 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:33:57.0568 2564 WmiApSrv - ok
09:33:57.0662 2564 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:33:57.0678 2564 WMPNetworkSvc - ok
09:33:57.0709 2564 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
09:33:57.0724 2564 WpdUsb - ok
09:33:57.0756 2564 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:33:57.0756 2564 WS2IFSL - ok
09:33:57.0787 2564 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:33:57.0787 2564 wscsvc - ok
09:33:57.0818 2564 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:33:57.0818 2564 WSTCODEC - ok
09:33:57.0849 2564 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:33:57.0865 2564 WudfPf - ok
09:33:57.0881 2564 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:33:57.0881 2564 WudfRd - ok
09:33:57.0928 2564 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:33:57.0928 2564 WudfSvc - ok
09:33:57.0959 2564 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:33:57.0974 2564 WZCSVC - ok
09:33:58.0006 2564 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:33:58.0021 2564 xmlprov - ok
09:33:58.0037 2564 ================ Scan global ===============================
09:33:58.0084 2564 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
09:33:58.0115 2564 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
09:33:58.0131 2564 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
09:33:58.0146 2564 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:33:58.0146 2564 [Global] - ok
09:33:58.0162 2564 ================ Scan MBR ==================================
09:33:58.0178 2564 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
09:33:58.0521 2564 \Device\Harddisk0\DR0 - ok
09:33:58.0537 2564 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk1\DR1
09:33:58.0787 2564 \Device\Harddisk1\DR1 - ok
09:33:58.0787 2564 ================ Scan VBR ==================================
09:33:58.0787 2564 Boot (0x1200) (df7afb452d18cbc73bd50896009e53c6) \Device\Harddisk0\DR0\Partition1
09:33:58.0787 2564 \Device\Harddisk0\DR0\Partition1 - ok
09:33:58.0803 2564 Boot (0x1200) (c7dbc572d074aaf3098be3d7cb77dcc3) \Device\Harddisk1\DR1\Partition1
09:33:58.0803 2564 \Device\Harddisk1\DR1\Partition1 - ok
09:33:58.0803 2564 ============================================================
09:33:58.0803 2564 Scan finished
09:33:58.0803 2564 ============================================================
09:33:58.0818 1412 Detected object count: 1
09:33:58.0818 1412 Actual detected object count: 1
09:34:11.0443 1412 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
09:34:14.0693 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\@ - copied to quarantine
09:34:14.0724 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\Desktop.ini - copied to quarantine
09:34:14.0959 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\L\00000004.@ - copied to quarantine
09:34:14.0974 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\L\201d3dde - copied to quarantine
09:34:15.0084 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\L\pdmzmplg - copied to quarantine
09:34:15.0131 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\00000004.@ - copied to quarantine
09:34:15.0256 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\00000008.@ - copied to quarantine
09:34:15.0303 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\000000cb.@ - copied to quarantine
09:34:15.0349 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\80000000.@ - copied to quarantine
09:34:15.0584 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\80000032.@ - copied to quarantine
09:34:23.0474 1412 Backup copy found, using it..
09:34:23.0568 1412 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
09:34:23.0631 1412 C:\WINDOWS\$NtUninstallKB59126$\3439611228 - will be deleted on reboot
09:34:23.0631 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\@ - will be deleted on reboot
09:34:23.0631 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\Desktop.ini - will be deleted on reboot
09:34:24.0115 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\00000004.@ - will be deleted on reboot
09:34:24.0115 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\00000008.@ - will be deleted on reboot
09:34:24.0115 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\000000cb.@ - will be deleted on reboot
09:34:24.0115 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\80000000.@ - will be deleted on reboot
09:34:24.0115 1412 C:\WINDOWS\$NtUninstallKB59126$\3619434826\U\80000032.@ - will be deleted on reboot
09:34:24.0131 1412 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:34:32.0021 3196 Deinitialize success
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 16th, 2012, 1:59 pm

Hi kuboa,

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 16th, 2012, 3:04 pm

MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Admin :: ROLARAUS [administrator]

8/16/2012 11:43:29 AM
mbam-log-2012-08-16 (11-43-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234933
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)







So far so great! But when I noticed that the issue of services not starting persisted, I thought they might just need one last manual restart. I used the commands below, rebooted, and found them back in the list of services. That said, I still get an error trying to update Security Essentials (0x8024400a). Do I need to update Security Essentials +/or the services themselves?

%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf
%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\qmgr.inf
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 16th, 2012, 3:07 pm

Do I need to update Security Essentials +/or the services themselves?


I suggest that you uninstall then reinstall Security Essentials then check that updates work.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 17th, 2012, 1:50 pm

Alas, reinstall did not fix Security Essentials, error 0x8024400a remains.

Overall status...

GOOD:
* Services running properly

BAD:
* Explorer taking up 99% of CPU
* Browsing quite slow (again), though only once browser has been open a few minutes
* Security Essentials unable to update
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby deltalima » August 17th, 2012, 3:10 pm

Hi kuboa,

reinstall did not fix Security Essentials, error 0x8024400a remains


Let's check that the rootkit has not returned.

Please run a new scan with DDS and post only the DDS.txt log, also please run a new scan with TDSSKiller and post the latest log.

We may need to reinstall SP3 so please download

Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers from here
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 17th, 2012, 3:18 pm

DDS.txt now, TDSSKiller log coming soon.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Admin at 12:14:35 on 2012-08-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.730 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 1983546703
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1983537141
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EA9DF2EB-A861-4BA4-B611-C0C5A79B9D99} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-25 30576]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-2-12 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 Normandy;Normandy SR2; [x]
S4 Kinetic Books License Service;Kinetic Books License Service;"c:\program files\common files\kinetic books shared\service\kineticbookslicenseservice.exe" --> c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
.
=============== Created Last 30 ================
.
2012-08-16 22:30:05 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\mpengine.dll
2012-08-16 22:27:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 18:41:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 18:41:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-16 18:28:49 -------- d-----w- c:\program files\CCleaner
2012-08-16 16:34:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 09:49:20 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-13 19:38:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-13 19:38:56 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-13 07:00:30 9728 ------w- c:\windows\system32\rwnh.dll
2012-08-13 07:00:30 10752 ------w- c:\windows\system32\smtpapi.dll
2012-08-13 07:00:28 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2012-08-13 07:00:27 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2012-08-13 07:00:20 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2012-08-13 07:00:17 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2012-08-13 07:00:16 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2012-08-13 07:00:16 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2012-08-13 07:00:16 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-08-13 05:30:39 -------- d-----w- c:\documents and settings\all users\application data\Windows Codecs
2012-08-13 05:30:26 -------- d-----w- c:\program files\Mega Codec Pack
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-16 16:35:46 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-15 09:49:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 09:49:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-13 19:38:31 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
1998-12-09 10:53:54 99840 -c--a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 10:53:54 70144 -c--a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 10:53:54 48640 -c--a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 10:53:54 31744 -c--a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 10:53:54 186368 -c--a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 10:53:54 17920 -c--a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 12:16:47.16 ===============
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Unread postby kuboa » August 17th, 2012, 3:32 pm

TDSSKiller log:

12:29:33.0226 1700 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:29:34.0226 1700 ============================================================
12:29:34.0226 1700 Current date / time: 2012/08/17 12:29:34.0226
12:29:34.0226 1700 SystemInfo:
12:29:34.0226 1700
12:29:34.0226 1700 OS Version: 5.1.2600 ServicePack: 3.0
12:29:34.0226 1700 Product type: Workstation
12:29:34.0257 1700 ComputerName: ROLARAUS
12:29:34.0257 1700 UserName: Admin
12:29:34.0257 1700 Windows directory: C:\WINDOWS
12:29:34.0257 1700 System windows directory: C:\WINDOWS
12:29:34.0257 1700 Processor architecture: Intel x86
12:29:34.0257 1700 Number of processors: 1
12:29:34.0257 1700 Page size: 0x1000
12:29:34.0257 1700 Boot type: Normal boot
12:29:34.0288 1700 ============================================================
12:29:38.0694 1700 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:29:38.0710 1700 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:29:39.0085 1700 ============================================================
12:29:39.0085 1700 \Device\Harddisk0\DR0:
12:29:39.0085 1700 MBR partitions:
12:29:39.0085 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7289BF5
12:29:39.0085 1700 \Device\Harddisk1\DR1:
12:29:39.0085 1700 MBR partitions:
12:29:39.0085 1700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x7D82, BlocksNum 0x8BAA09C
12:29:39.0085 1700 ============================================================
12:29:39.0116 1700 C: <-> \Device\Harddisk1\DR1\Partition1
12:29:39.0132 1700 E: <-> \Device\Harddisk0\DR0\Partition1
12:29:39.0132 1700 ============================================================
12:29:39.0132 1700 Initialize success
12:29:39.0132 1700 ============================================================
12:29:43.0788 3908 ============================================================
12:29:43.0788 3908 Scan started
12:29:43.0788 3908 Mode: Manual;
12:29:43.0788 3908 ============================================================
12:29:45.0991 3908 ================ Scan services =============================
12:29:46.0444 3908 Abiosdsk - ok
12:29:46.0507 3908 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:29:46.0507 3908 abp480n5 - ok
12:29:46.0569 3908 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:29:46.0569 3908 ACPI - ok
12:29:46.0601 3908 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:29:46.0616 3908 ACPIEC - ok
12:29:46.0694 3908 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:29:46.0694 3908 AdobeFlashPlayerUpdateSvc - ok
12:29:46.0726 3908 [ 9a11864873da202c996558b2106b0bbc ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:29:46.0726 3908 adpu160m - ok
12:29:46.0773 3908 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:29:46.0804 3908 aec - ok
12:29:46.0835 3908 [ 355556d9e580915118cd7ef736653a89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:29:46.0944 3908 AFD - ok
12:29:46.0976 3908 [ 08fd04aa961bdc77fb983f328334e3d7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:29:47.0007 3908 agp440 - ok
12:29:47.0007 3908 [ 03a7e0922acfe1b07d5db2eeb0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:29:47.0007 3908 agpCPQ - ok
12:29:47.0023 3908 [ c23ea9b5f46c7f7910db3eab648ff013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:29:47.0023 3908 Aha154x - ok
12:29:47.0085 3908 [ 19dd0fb48b0c18892f70e2e7d61a1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:29:47.0085 3908 aic78u2 - ok
12:29:47.0116 3908 [ b7fe594a7468aa0132deb03fb8e34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:29:47.0116 3908 aic78xx - ok
12:29:47.0179 3908 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:29:47.0179 3908 Alerter - ok
12:29:47.0226 3908 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
12:29:47.0226 3908 ALG - ok
12:29:47.0241 3908 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:29:47.0241 3908 AliIde - ok
12:29:47.0257 3908 [ cb08aed0de2dd889a8a820cd8082d83c ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:29:47.0257 3908 alim1541 - ok
12:29:47.0273 3908 [ 95b4fb835e28aa1336ceeb07fd5b9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:29:47.0273 3908 amdagp - ok
12:29:47.0288 3908 [ 79f5add8d24bd6893f2903a3e2f3fad6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:29:47.0288 3908 amsint - ok
12:29:47.0366 3908 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:29:47.0398 3908 AppMgmt - ok
12:29:47.0429 3908 [ 62d318e9a0c8fc9b780008e724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:29:47.0429 3908 asc - ok
12:29:47.0444 3908 [ 69eb0cc7714b32896ccbfd5edcbea447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:29:47.0444 3908 asc3350p - ok
12:29:47.0444 3908 [ 5d8de112aa0254b907861e9e9c31d597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:29:47.0444 3908 asc3550 - ok
12:29:47.0616 3908 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:29:47.0710 3908 aspnet_state - ok
12:29:47.0757 3908 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:29:47.0804 3908 AsyncMac - ok
12:29:47.0835 3908 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:29:47.0835 3908 atapi - ok
12:29:47.0851 3908 Atdisk - ok
12:29:47.0866 3908 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:29:47.0882 3908 Atmarpc - ok
12:29:47.0913 3908 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:29:47.0944 3908 AudioSrv - ok
12:29:47.0991 3908 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:29:48.0007 3908 audstub - ok
12:29:48.0054 3908 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:29:48.0069 3908 Beep - ok
12:29:48.0132 3908 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:29:48.0210 3908 BITS - ok
12:29:48.0226 3908 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
12:29:48.0226 3908 Browser - ok
12:29:48.0444 3908 catchme - ok
12:29:48.0460 3908 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:29:48.0460 3908 cbidf - ok
12:29:48.0476 3908 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:29:48.0476 3908 cbidf2k - ok
12:29:48.0616 3908 [ 8ef654045e518ac00e52e7a1e2d3ad70 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
12:29:48.0616 3908 CCALib8 - ok
12:29:48.0663 3908 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:29:48.0679 3908 CCDECODE - ok
12:29:48.0710 3908 [ f3ec03299634490e97bbce94cd2954c7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:29:48.0710 3908 cd20xrnt - ok
12:29:48.0726 3908 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:29:48.0741 3908 Cdaudio - ok
12:29:48.0757 3908 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:29:48.0773 3908 Cdfs - ok
12:29:48.0804 3908 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:29:48.0835 3908 Cdrom - ok
12:29:48.0866 3908 Changer - ok
12:29:48.0898 3908 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:29:48.0944 3908 CiSvc - ok
12:29:48.0944 3908 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:29:48.0976 3908 ClipSrv - ok
12:29:49.0038 3908 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:49.0257 3908 clr_optimization_v2.0.50727_32 - ok
12:29:49.0257 3908 [ e5dcb56c533014ecbc556a8357c929d5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:29:49.0257 3908 CmdIde - ok
12:29:49.0273 3908 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:29:49.0273 3908 Compbatt - ok
12:29:49.0288 3908 COMSysApp - ok
12:29:49.0444 3908 [ 3ee529119eed34cd212a215e8c40d4b6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:29:49.0444 3908 Cpqarray - ok
12:29:49.0538 3908 [ 7db5e3f44d797bd38b8e336ccc2e49d5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
12:29:49.0538 3908 Creative Labs Licensing Service - ok
12:29:49.0585 3908 [ 3c8b6609712f4ff78e521f6dcfc4032b ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
12:29:49.0585 3908 Creative Service for CDROM Access - ok
12:29:49.0601 3908 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:29:49.0601 3908 CryptSvc - ok
12:29:49.0648 3908 [ 8db84de3aab34a8b4c2f644eff41cd76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
12:29:49.0648 3908 ctsfm2k - ok
12:29:49.0679 3908 [ 4ee8822adb764edd28ce44e808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
12:29:49.0679 3908 CTUSFSYN - ok
12:29:49.0679 3908 [ e550e7418984b65a78299d248f0a7f36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:29:49.0694 3908 dac2w2k - ok
12:29:49.0710 3908 [ 683789caa3864eb46125ae86ff677d34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:29:49.0710 3908 dac960nt - ok
12:29:49.0741 3908 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:29:49.0757 3908 DcomLaunch - ok
12:29:49.0773 3908 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:29:49.0788 3908 Dhcp - ok
12:29:49.0804 3908 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:29:49.0835 3908 Disk - ok
12:29:49.0898 3908 [ e2d0de31442390c35e3163c87cb6a9eb ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
12:29:49.0976 3908 DLABOIOM - ok
12:29:50.0007 3908 [ d979bebcf7edcc9c9ee1857d1a68c67b ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:29:50.0007 3908 DLACDBHM - ok
12:29:50.0023 3908 [ 83545593e297f50a8e2524b4c071a153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
12:29:50.0148 3908 DLADResN - ok
12:29:50.0179 3908 [ 96e01d901cdc98c7817155cc057001bf ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
12:29:50.0523 3908 DLAIFS_M - ok
12:29:50.0523 3908 [ 0a60a39cc5e767980a31ca5d7238dfa9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
12:29:50.0913 3908 DLAOPIOM - ok
12:29:51.0023 3908 [ 9fe2b72558fc808357f427fd83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
12:29:51.0132 3908 DLAPoolM - ok
12:29:51.0179 3908 [ 7ee0852ae8907689df25049dcd2342e8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
12:29:51.0179 3908 DLARTL_N - ok
12:29:51.0210 3908 [ f08e1dafac457893399e03430a6a1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
12:29:51.0398 3908 DLAUDFAM - ok
12:29:51.0429 3908 [ e7d105ed1e694449d444a9933df8e060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
12:29:51.0569 3908 DLAUDF_M - ok
12:29:51.0601 3908 dmadmin - ok
12:29:51.0632 3908 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:29:51.0663 3908 dmboot - ok
12:29:51.0694 3908 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:29:51.0694 3908 dmio - ok
12:29:51.0726 3908 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:29:51.0726 3908 dmload - ok
12:29:51.0788 3908 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:29:51.0788 3908 dmserver - ok
12:29:51.0819 3908 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:29:51.0819 3908 DMusic - ok
12:29:51.0866 3908 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:29:51.0898 3908 Dnscache - ok
12:29:51.0944 3908 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:29:51.0960 3908 Dot3svc - ok
12:29:51.0960 3908 [ 40f3b93b4e5b0126f2f5c0a7a5e22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:29:51.0960 3908 dpti2o - ok
12:29:51.0991 3908 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:29:51.0991 3908 drmkaud - ok
12:29:52.0023 3908 [ fd0f95981fef9073659d8ec58e40aa3c ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:29:52.0023 3908 DRVMCDB - ok
12:29:52.0054 3908 [ b4869d320428cdc5ec4d7f5e808e99b5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:29:52.0069 3908 DRVNDDM - ok
12:29:52.0101 3908 [ 95974e66d3de4951d29e28e8bc0b644c ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:29:52.0116 3908 E100B - ok
12:29:52.0132 3908 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:29:52.0163 3908 EapHost - ok
12:29:52.0257 3908 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
12:29:52.0257 3908 ehRecvr - ok
12:29:52.0304 3908 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
12:29:52.0304 3908 ehSched - ok
12:29:52.0319 3908 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:29:52.0319 3908 ERSvc - ok
12:29:52.0351 3908 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:29:52.0366 3908 Eventlog - ok
12:29:52.0382 3908 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
12:29:52.0398 3908 EventSystem - ok
12:29:52.0444 3908 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:29:52.0491 3908 Fastfat - ok
12:29:52.0538 3908 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:29:52.0554 3908 FastUserSwitchingCompatibility - ok
12:29:52.0616 3908 [ e97d6a8684466df94ff3bc24fb787a07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:29:52.0648 3908 Fax - ok
12:29:52.0694 3908 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:29:52.0710 3908 Fdc - ok
12:29:52.0757 3908 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:29:52.0773 3908 Fips - ok
12:29:52.0804 3908 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:29:52.0866 3908 Flpydisk - ok
12:29:52.0898 3908 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:29:52.0898 3908 FltMgr - ok
12:29:52.0991 3908 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:29:53.0007 3908 FontCache3.0.0.0 - ok
12:29:53.0023 3908 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:29:53.0038 3908 Fs_Rec - ok
12:29:53.0054 3908 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:29:53.0101 3908 Ftdisk - ok
12:29:53.0132 3908 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:29:53.0163 3908 Gpc - ok
12:29:53.0241 3908 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:29:53.0241 3908 gupdate - ok
12:29:53.0273 3908 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:29:53.0273 3908 gupdatem - ok
12:29:53.0335 3908 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:29:53.0335 3908 gusvc - ok
12:29:53.0366 3908 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:29:53.0366 3908 HDAudBus - ok
12:29:53.0444 3908 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:29:53.0444 3908 helpsvc - ok
12:29:53.0491 3908 [ 748031ff4fe45ccc47546294905feab8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
12:29:53.0523 3908 HidBatt - ok
12:29:53.0523 3908 HidServ - ok
12:29:53.0569 3908 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:29:53.0601 3908 HidUsb - ok
12:29:53.0648 3908 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:29:53.0663 3908 hkmsvc - ok
12:29:53.0710 3908 [ b028377dea0546a5fcfba928a8aefae0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:29:53.0710 3908 hpn - ok
12:29:53.0835 3908 [ 5da42d24712e00728cea2342a65009b2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:29:53.0835 3908 hpqcxs08 - ok
12:29:53.0898 3908 [ d86a39bf100069444d026d22d9a6e555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:29:53.0898 3908 hpqddsvc - ok
12:29:53.0944 3908 [ a04f4ac48895774a2cf9d1c9eaaacef0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:29:53.0976 3908 HPSLPSVC - ok
12:29:54.0007 3908 [ 5faba4775d4c61e55ec669d643ffc71f ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:29:54.0038 3908 HPZid412 - ok
12:29:54.0085 3908 [ a3c43980ee1f1beac778b44ea65dbdd4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:29:54.0132 3908 HPZipr12 - ok
12:29:54.0163 3908 [ 2906949bd4e206f2bb0dd1896ce9f66f ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:29:54.0163 3908 HPZius12 - ok
12:29:54.0194 3908 [ 77e4ff0b73bc0aeaaf39bf0c8104231f ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:29:54.0226 3908 HSFHWBS2 - ok
12:29:54.0288 3908 [ 60e1604729a15ef4a3b05f298427b3b1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:29:54.0366 3908 HSF_DP - ok
12:29:54.0413 3908 [ cbd09ed9cf6822177ee85aea4d8816a2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
12:29:54.0476 3908 HTCAND32 - ok
12:29:54.0554 3908 [ 04e3b3554076b8192a668efe88a682a1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
12:29:54.0601 3908 htcnprot - ok
12:29:54.0632 3908 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:29:54.0632 3908 HTTP - ok
12:29:54.0710 3908 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:29:54.0757 3908 HTTPFilter - ok
12:29:54.0788 3908 [ 9368670bd426ebea5e8b18a62416ec28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:29:54.0835 3908 i2omgmt - ok
12:29:54.0882 3908 [ f10863bf1ccc290babd1a09188ae49e0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:29:54.0913 3908 i2omp - ok
12:29:54.0913 3908 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:29:54.0944 3908 i8042prt - ok
12:29:55.0007 3908 [ 5a8e05f1d5c36abd58cffa111eb325ea ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:29:55.0038 3908 ialm - ok
12:29:55.0132 3908 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:29:55.0226 3908 idsvc - ok
12:29:55.0257 3908 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:29:55.0273 3908 Imapi - ok
12:29:55.0335 3908 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:29:55.0366 3908 ImapiService - ok
12:29:55.0398 3908 [ 4a40e045faee58631fd8d91afc620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:29:55.0398 3908 ini910u - ok
12:29:55.0413 3908 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:29:55.0413 3908 IntelIde - ok
12:29:55.0444 3908 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:29:55.0476 3908 intelppm - ok
12:29:55.0507 3908 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:29:55.0538 3908 Ip6Fw - ok
12:29:55.0569 3908 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:29:55.0632 3908 IpFilterDriver - ok
12:29:55.0663 3908 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:29:55.0694 3908 IpInIp - ok
12:29:55.0726 3908 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:29:55.0726 3908 IpNat - ok
12:29:55.0741 3908 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:29:55.0741 3908 IPSec - ok
12:29:55.0819 3908 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:29:55.0851 3908 IRENUM - ok
12:29:55.0898 3908 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:29:55.0913 3908 isapnp - ok
12:29:56.0007 3908 [ 28e8a9984ba1297efe44b6138d2ca51e ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:29:56.0007 3908 JavaQuickStarterService - ok
12:29:56.0054 3908 [ 6c24d3878f44c271d94ea6cab1acd739 ] Jukebox3 C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
12:29:56.0069 3908 Jukebox3 - ok
12:29:56.0085 3908 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:29:56.0132 3908 Kbdclass - ok
12:29:56.0163 3908 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:29:56.0194 3908 kbdhid - ok
12:29:56.0194 3908 Kinetic Books License Service - ok
12:29:56.0226 3908 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:29:56.0226 3908 kmixer - ok
12:29:56.0257 3908 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:29:56.0257 3908 KSecDD - ok
12:29:56.0288 3908 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:29:56.0288 3908 lanmanserver - ok
12:29:56.0319 3908 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:29:56.0382 3908 lanmanworkstation - ok
12:29:56.0382 3908 Lavasoft Kernexplorer - ok
12:29:56.0413 3908 Lbd - ok
12:29:56.0413 3908 lbrtfdc - ok
12:29:56.0444 3908 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:29:56.0460 3908 LmHosts - ok
12:29:56.0523 3908 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:29:56.0554 3908 MBAMProtector - ok
12:29:56.0616 3908 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:29:56.0648 3908 MBAMService - ok
12:29:56.0710 3908 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
12:29:56.0710 3908 McrdSvc - ok
12:29:56.0726 3908 [ eeaea6514ba7c9d273b5e87c4e1aab30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:29:56.0726 3908 mdmxsdk - ok
12:29:56.0757 3908 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:29:56.0788 3908 Messenger - ok
12:29:56.0819 3908 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
12:29:56.0851 3908 MHN - ok
12:29:56.0866 3908 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:29:56.0882 3908 MHNDRV - ok
12:29:56.0913 3908 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:29:56.0944 3908 mnmdd - ok
12:29:56.0991 3908 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:29:57.0085 3908 mnmsrvc - ok
12:29:57.0116 3908 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:29:57.0116 3908 Modem - ok
12:29:57.0163 3908 [ 1992e0d143b09653ab0f9c5e04b0fd65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:29:57.0194 3908 MODEMCSA - ok
12:29:57.0226 3908 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:29:57.0257 3908 Mouclass - ok
12:29:57.0304 3908 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:29:57.0304 3908 mouhid - ok
12:29:57.0335 3908 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:29:57.0335 3908 MountMgr - ok
12:29:57.0398 3908 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:29:57.0413 3908 MozillaMaintenance - ok
12:29:57.0460 3908 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:29:57.0476 3908 MpFilter - ok
12:29:57.0632 3908 [ a69630d039c38018689190234f866d77 ] MpKsl2caeef84 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAF8DFAF-63D6-4271-9385-E0B33C91C726}\MpKsl2caeef84.sys
12:29:57.0632 3908 MpKsl2caeef84 - ok
12:29:57.0694 3908 [ 3f4bb95e5a44f3be34824e8e7caf0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:29:57.0694 3908 mraid35x - ok
12:29:57.0741 3908 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:29:57.0757 3908 MRxDAV - ok
12:29:57.0788 3908 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:29:57.0804 3908 MRxSmb - ok
12:29:57.0851 3908 [ b03e3f64b70f8031e65eb26da23de91a ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
12:29:57.0851 3908 MSCamSvc - ok
12:29:57.0882 3908 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:29:57.0898 3908 MSDTC - ok
12:29:57.0944 3908 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:29:57.0944 3908 Msfs - ok
12:29:57.0976 3908 [ 7a0f9cbdbdb135113b9a3c138e20c85d ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
12:29:58.0007 3908 MSHUSBVideo - ok
12:29:58.0023 3908 MSIServer - ok
12:29:58.0054 3908 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:29:58.0069 3908 MSKSSRV - ok
12:29:58.0163 3908 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:29:58.0194 3908 MsMpSvc - ok
12:29:58.0288 3908 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:29:58.0319 3908 MSPCLOCK - ok
12:29:58.0444 3908 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:29:59.0007 3908 MSPQM - ok
12:29:59.0038 3908 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:29:59.0038 3908 mssmbios - ok
12:29:59.0085 3908 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:29:59.0116 3908 MSTEE - ok
12:29:59.0194 3908 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:29:59.0194 3908 Mup - ok
12:29:59.0241 3908 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:29:59.0257 3908 NABTSFEC - ok
12:29:59.0319 3908 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:29:59.0351 3908 napagent - ok
12:29:59.0413 3908 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:29:59.0444 3908 NDIS - ok
12:29:59.0491 3908 [ b797ee2ef919c95561dee78b72b33e5b ] ndiscm C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
12:29:59.0523 3908 ndiscm - ok
12:29:59.0569 3908 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:29:59.0585 3908 NdisIP - ok
12:29:59.0632 3908 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:29:59.0663 3908 NdisTapi - ok
12:29:59.0663 3908 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:29:59.0679 3908 Ndisuio - ok
12:29:59.0710 3908 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:29:59.0773 3908 NdisWan - ok
12:29:59.0804 3908 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:29:59.0835 3908 NDProxy - ok
12:29:59.0851 3908 [ a081cb6fb9a12668f233eb5414be3a0e ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:29:59.0851 3908 Net Driver HPZ12 - ok
12:29:59.0866 3908 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:29:59.0882 3908 NetBIOS - ok
12:29:59.0913 3908 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:29:59.0944 3908 NetBT - ok
12:29:59.0976 3908 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
12:30:00.0007 3908 NetDDE - ok
12:30:00.0007 3908 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:30:00.0007 3908 NetDDEdsdm - ok
12:30:00.0038 3908 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:30:00.0054 3908 Netlogon - ok
12:30:00.0085 3908 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
12:30:00.0085 3908 Netman - ok
12:30:00.0226 3908 [ 9da26b773bd04b867a8e9f427cd048fc ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:30:01.0179 3908 NetSvc - ok
12:30:01.0226 3908 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:30:01.0257 3908 NetTcpPortSharing - ok
12:30:01.0288 3908 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:30:01.0288 3908 Nla - ok
12:30:01.0319 3908 Normandy - ok
12:30:01.0351 3908 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:30:01.0351 3908 Npfs - ok
12:30:01.0382 3908 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:30:01.0413 3908 Ntfs - ok
12:30:01.0460 3908 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:30:01.0460 3908 NtLmSsp - ok
12:30:01.0507 3908 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:30:01.0554 3908 NtmsSvc - ok
12:30:01.0569 3908 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
12:30:01.0569 3908 Null - ok
12:30:01.0710 3908 [ 2b298519edbfcf451d43e0f1e8f1006d ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:30:01.0882 3908 nv - ok
12:30:01.0898 3908 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:30:01.0913 3908 NwlnkFlt - ok
12:30:01.0929 3908 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:30:01.0944 3908 NwlnkFwd - ok
12:30:01.0960 3908 [ 103a9b117a7d9903111955cdafe65ac6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
12:30:01.0976 3908 ossrv - ok
12:30:02.0007 3908 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:30:02.0085 3908 Parport - ok
12:30:02.0101 3908 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:30:02.0116 3908 PartMgr - ok
12:30:02.0132 3908 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:30:02.0132 3908 ParVdm - ok
12:30:02.0194 3908 [ 39b9dcd7040654c2e57d7396736c718e ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
12:30:02.0194 3908 PassThru Service - ok
12:30:02.0226 3908 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:30:02.0226 3908 PCI - ok
12:30:02.0226 3908 PCIDump - ok
12:30:02.0257 3908 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:30:02.0257 3908 PCIIde - ok
12:30:02.0304 3908 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:30:02.0413 3908 Pcmcia - ok
12:30:02.0444 3908 PDCOMP - ok
12:30:02.0444 3908 PDFRAME - ok
12:30:02.0460 3908 PDRELI - ok
12:30:02.0460 3908 PDRFRAME - ok
12:30:02.0538 3908 [ 6c14b9c19ba84f73d3a86dba11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:30:02.0538 3908 perc2 - ok
12:30:02.0585 3908 [ f50f7c27f131afe7beba13e14a3b9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:30:02.0585 3908 perc2hib - ok
12:30:02.0694 3908 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:30:02.0694 3908 PlugPlay - ok
12:30:02.0726 3908 [ 65bc271f337637731d3c71455ae1f476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:30:02.0726 3908 Pml Driver HPZ12 - ok
12:30:02.0741 3908 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:30:02.0741 3908 PolicyAgent - ok
12:30:02.0804 3908 [ 3adfecb5ce0b7196282f0c0da695b508 ] ppped C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
12:30:02.0819 3908 ppped - ok
12:30:02.0835 3908 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:30:02.0851 3908 PptpMiniport - ok
12:30:02.0882 3908 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:30:02.0882 3908 ProtectedStorage - ok
12:30:02.0929 3908 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:30:02.0929 3908 PSched - ok
12:30:02.0944 3908 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:30:02.0976 3908 Ptilink - ok
12:30:03.0023 3908 [ e42e3433dbb4cffe8fdd91eab29aea8e ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:30:03.0023 3908 PxHelp20 - ok
12:30:03.0023 3908 [ 0a63fb54039eb5662433caba3b26dba7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:30:03.0023 3908 ql1080 - ok
12:30:03.0038 3908 [ 6503449e1d43a0ff0201ad5cb1b8c706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:30:03.0038 3908 Ql10wnt - ok
12:30:03.0054 3908 [ 156ed0ef20c15114ca097a34a30d8a01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:30:03.0069 3908 ql12160 - ok
12:30:03.0085 3908 [ 70f016bebde6d29e864c1230a07cc5e6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:30:03.0085 3908 ql1240 - ok
12:30:03.0085 3908 [ 907f0aeea6bc451011611e732bd31fcf ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:30:03.0101 3908 ql1280 - ok
12:30:03.0116 3908 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:30:03.0148 3908 RasAcd - ok
12:30:03.0179 3908 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:30:03.0241 3908 RasAuto - ok
12:30:03.0257 3908 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:30:03.0273 3908 Rasl2tp - ok
12:30:03.0304 3908 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:30:03.0304 3908 RasMan - ok
12:30:03.0319 3908 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:30:03.0319 3908 RasPppoe - ok
12:30:03.0319 3908 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:30:03.0351 3908 Raspti - ok
12:30:03.0413 3908 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:30:03.0444 3908 Rdbss - ok
12:30:03.0444 3908 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:30:03.0476 3908 RDPCDD - ok
12:30:03.0491 3908 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:30:03.0491 3908 rdpdr - ok
12:30:03.0538 3908 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:30:03.0569 3908 RDPWD - ok
12:30:03.0632 3908 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:30:03.0663 3908 RDSessMgr - ok
12:30:03.0679 3908 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:30:03.0694 3908 redbook - ok
12:30:03.0741 3908 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:30:03.0773 3908 RemoteAccess - ok
12:30:03.0819 3908 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:30:03.0835 3908 RemoteRegistry - ok
12:30:03.0882 3908 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
12:30:03.0898 3908 RpcLocator - ok
12:30:03.0960 3908 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:30:03.0960 3908 RpcSs - ok
12:30:04.0007 3908 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:30:04.0038 3908 RSVP - ok
12:30:04.0069 3908 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:30:04.0069 3908 SamSs - ok
12:30:04.0116 3908 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:30:04.0132 3908 SCardSvr - ok
12:30:04.0179 3908 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:30:04.0194 3908 Schedule - ok
12:30:04.0241 3908 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:30:04.0257 3908 Secdrv - ok
12:30:04.0288 3908 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:30:04.0288 3908 seclogon - ok
12:30:04.0304 3908 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
12:30:04.0304 3908 SENS - ok
12:30:04.0335 3908 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:30:04.0351 3908 serenum - ok
12:30:04.0366 3908 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:30:04.0382 3908 Serial - ok
12:30:04.0429 3908 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:30:04.0460 3908 Sfloppy - ok
12:30:04.0491 3908 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:30:04.0523 3908 SharedAccess - ok
12:30:04.0554 3908 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:30:04.0554 3908 ShellHWDetection - ok
12:30:04.0632 3908 [ 6bd3976b881888ac9a0ed3eb94e7fd38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
12:30:04.0710 3908 sigfilt - ok
12:30:04.0710 3908 Simbad - ok
12:30:04.0757 3908 [ 6b33d0ebd30db32e27d1d78fe946a754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:30:04.0757 3908 sisagp - ok
12:30:04.0804 3908 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:30:04.0835 3908 SkypeUpdate - ok
12:30:04.0882 3908 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:30:04.0913 3908 SLIP - ok
12:30:04.0976 3908 [ 83c0f71f86d3bdaf915685f3d568b20e ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:30:04.0976 3908 Sparrow - ok
12:30:04.0991 3908 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:30:04.0991 3908 splitter - ok
12:30:05.0023 3908 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:30:05.0023 3908 Spooler - ok
12:30:05.0038 3908 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:05.0069 3908 sr - ok
12:30:05.0085 3908 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:30:05.0101 3908 srservice - ok
12:30:05.0179 3908 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:05.0210 3908 Srv - ok
12:30:05.0226 3908 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:30:05.0241 3908 SSDPSRV - ok
12:30:05.0257 3908 [ 306521935042fc0a6988d528643619b3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
12:30:05.0257 3908 StarOpen - ok
12:30:05.0288 3908 [ b95480c92c4c9c311be47b8a1ad73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:30:05.0288 3908 STHDA - ok
12:30:05.0335 3908 [ a9573045baa16eab9b1085205b82f1ed ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
12:30:05.0335 3908 StillCam - ok
12:30:05.0366 3908 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:30:05.0398 3908 stisvc - ok
12:30:05.0444 3908 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:05.0460 3908 streamip - ok
12:30:05.0476 3908 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:05.0491 3908 swenum - ok
12:30:05.0507 3908 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:30:05.0507 3908 swmidi - ok
12:30:05.0507 3908 SwPrv - ok
12:30:05.0538 3908 [ 1ff3217614018630d0a6758630fc698c ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:30:05.0538 3908 symc810 - ok
12:30:05.0601 3908 [ 070e001d95cf725186ef8b20335f933c ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:30:05.0601 3908 symc8xx - ok
12:30:05.0632 3908 [ 80ac1c4abbe2df3b738bf15517a51f2c ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:30:05.0632 3908 sym_hi - ok
12:30:05.0663 3908 [ bf4fab949a382a8e105f46ebb4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:30:05.0663 3908 sym_u3 - ok
12:30:05.0679 3908 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:05.0679 3908 sysaudio - ok
12:30:05.0726 3908 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:30:05.0757 3908 SysmonLog - ok
12:30:05.0804 3908 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:30:05.0819 3908 TapiSrv - ok
12:30:05.0819 3908 tbhsd - ok
12:30:05.0898 3908 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:05.0913 3908 Tcpip - ok
12:30:05.0944 3908 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:05.0944 3908 TDPIPE - ok
12:30:05.0960 3908 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:05.0976 3908 TDTCP - ok
12:30:05.0991 3908 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:06.0007 3908 TermDD - ok
12:30:06.0054 3908 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
12:30:06.0054 3908 TermService - ok
12:30:06.0101 3908 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
12:30:06.0101 3908 Themes - ok
12:30:06.0163 3908 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:30:06.0194 3908 TlntSvr - ok
12:30:06.0210 3908 [ f2790f6af01321b172aa62f8e1e187d9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:30:06.0210 3908 TosIde - ok
12:30:06.0241 3908 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:30:06.0241 3908 TrkWks - ok
12:30:06.0273 3908 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:30:06.0288 3908 Udfs - ok
12:30:06.0366 3908 [ 1b698a51cd528d8da4ffaed66dfc51b9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:30:06.0366 3908 ultra - ok
12:30:06.0444 3908 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:30:06.0476 3908 Update - ok
12:30:06.0538 3908 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:30:06.0585 3908 upnphost - ok
12:30:06.0601 3908 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
12:30:06.0616 3908 UPS - ok
12:30:06.0679 3908 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:30:06.0694 3908 usbaudio - ok
12:30:06.0726 3908 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:06.0757 3908 usbccgp - ok
12:30:06.0788 3908 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:06.0819 3908 usbehci - ok
12:30:06.0882 3908 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:06.0898 3908 usbhub - ok
12:30:06.0929 3908 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:06.0944 3908 usbprint - ok
12:30:07.0007 3908 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:30:07.0007 3908 usbscan - ok
12:30:07.0038 3908 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:07.0054 3908 USBSTOR - ok
12:30:07.0069 3908 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:30:07.0101 3908 usbuhci - ok
12:30:07.0101 3908 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:30:07.0132 3908 usbvideo - ok
12:30:07.0148 3908 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:30:07.0148 3908 VgaSave - ok
12:30:07.0179 3908 [ 754292ce5848b3738281b4f3607eaef4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:30:07.0179 3908 viaagp - ok
12:30:07.0210 3908 [ 3b3efcda263b8ac14fdf9cbdd0791b2e ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:30:07.0210 3908 ViaIde - ok
12:30:07.0257 3908 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:30:07.0257 3908 VolSnap - ok
12:30:07.0319 3908 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
12:30:07.0366 3908 VSS - ok
12:30:07.0413 3908 [ 54af4b1d5459500ef0937f6d33b1914f ] w32time C:\WINDOWS\system32\w32time.dll
12:30:07.0413 3908 w32time - ok
12:30:07.0444 3908 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:07.0476 3908 Wanarp - ok
12:30:07.0476 3908 wanatw - ok
12:30:07.0523 3908 [ 4769596d7cc0f5fa447d2babc239672a ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:30:07.0585 3908 Wdf01000 - ok
12:30:07.0585 3908 WDICA - ok
12:30:07.0663 3908 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:07.0679 3908 wdmaud - ok
12:30:07.0741 3908 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:30:07.0741 3908 WebClient - ok
12:30:07.0804 3908 [ f59ed5a43b988a18ef582bb07b2327a7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:30:07.0898 3908 winachsf - ok
12:30:07.0991 3908 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:30:08.0210 3908 winmgmt - ok
12:30:08.0366 3908 [ 5144ae67d60ec653f97ddf3feed29e77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:30:08.0413 3908 wlidsvc - ok
12:30:08.0444 3908 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:30:08.0491 3908 WmdmPmSN - ok
12:30:08.0569 3908 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:30:08.0585 3908 Wmi - ok
12:30:08.0632 3908 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:30:08.0648 3908 WmiApSrv - ok
12:30:08.0757 3908 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:30:08.0851 3908 WMPNetworkSvc - ok
12:30:08.0898 3908 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
12:30:08.0898 3908 WpdUsb - ok
12:30:08.0913 3908 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:30:08.0929 3908 WS2IFSL - ok
12:30:08.0960 3908 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:30:08.0960 3908 wscsvc - ok
12:30:08.0991 3908 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:30:09.0023 3908 WSTCODEC - ok
12:30:09.0069 3908 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:30:09.0069 3908 wuauserv - ok
12:30:09.0132 3908 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:30:09.0163 3908 WudfPf - ok
12:30:09.0194 3908 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:30:09.0226 3908 WudfRd - ok
12:30:09.0288 3908 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:30:09.0319 3908 WudfSvc - ok
12:30:09.0382 3908 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:30:09.0413 3908 WZCSVC - ok
12:30:09.0476 3908 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:30:09.0538 3908 xmlprov - ok
12:30:09.0585 3908 ================ Scan global ===============================
12:30:09.0616 3908 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
12:30:09.0679 3908 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:30:09.0694 3908 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:30:09.0726 3908 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:30:09.0726 3908 [Global] - ok
12:30:09.0726 3908 ================ Scan MBR ==================================
12:30:09.0741 3908 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
12:30:10.0116 3908 \Device\Harddisk0\DR0 - ok
12:30:10.0132 3908 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk1\DR1
12:30:11.0226 3908 \Device\Harddisk1\DR1 - ok
12:30:11.0226 3908 ================ Scan VBR ==================================
12:30:11.0226 3908 Boot (0x1200) (df7afb452d18cbc73bd50896009e53c6) \Device\Harddisk0\DR0\Partition1
12:30:11.0257 3908 \Device\Harddisk0\DR0\Partition1 - ok
12:30:11.0257 3908 Boot (0x1200) (c7dbc572d074aaf3098be3d7cb77dcc3) \Device\Harddisk1\DR1\Partition1
12:30:11.0257 3908 \Device\Harddisk1\DR1\Partition1 - ok
12:30:11.0257 3908 ============================================================
12:30:11.0257 3908 Scan finished
12:30:11.0257 3908 ============================================================
12:30:11.0273 3604 Detected object count: 0
12:30:11.0273 3604 Actual detected object count: 0
12:30:24.0851 4048 Deinitialize success
kuboa
Regular Member
 
Posts: 29
Joined: March 27th, 2011, 9:59 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware