Realtek Wave bar automatically moving down - think it's malware
Michelea1976
2012-11-20, 03:24
Hello, I think I have malware on my computer. Recently, I visited a website where my Avast told me it blocked a malicious file. I thought I had told it to delete the file, but I guess not. That's when I noticed the sound would cut off, and realized it was my Realtek Wave bar automatically shutting off. I think it is a malware virus, but my scans proved nothing. Maybe there is something you can see? If not, maybe I need to reload the drivers and it was just one big coincidence. Here are my logs. I followed what you asked. Please let me know if I am missing anything. Spybot did not find anything, and I think that's because I couldn't locate the place to turn off TeaTimer. I don't know what version I have, but it's the latest version. Maybe I will need your help on that as well! Thank you for your help!
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Michele at 17:51:37 on 2012-11-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.347 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [EeeSplendidAgent] c:\program files\asus\epc\eeesplendid\AsAgent.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbia.webex.com/client/WBXclient-T27L10NSP25EP11-14378/event/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7896FF03-9763-4ED2-BF51-E8095EF9E354} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michele acampora\application data\mozilla\firefox\profiles\01tzrdl6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-5-28 11448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-25 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-13 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-13 44808]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-7 54752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-28 38912]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-7 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2010-1-7 39040]
.
=============== Created Last 30 ================
.
2012-11-14 18:25:33 -------- d-----w- c:\documents and settings\michele acampora\application data\webex
.
==================== Find3M ====================
.
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 02:47:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 02:47:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
.
============= FINISH: 17:53:44.71 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 18:21:21
-----------------------------
18:21:21.546 OS Version: Windows 5.1.2600 Service Pack 3
18:21:21.546 Number of processors: 2 586 0x1C02
18:21:21.546 ComputerName: MICHELE UserName:
18:21:23.203 Initialize success
18:21:27.593 AVAST engine defs: 12111900
18:21:29.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:21:29.937 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
18:21:29.953 Disk 0 MBR read successfully
18:21:29.953 Disk 0 MBR scan
18:21:29.968 Disk 0 Windows XP default MBR code
18:21:29.984 Disk 0 MBR hidden
18:21:30.234 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 147581 MB offset 63
18:21:30.296 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
18:21:30.343 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
18:21:30.406 Disk 0 scanning sectors +312576705
18:21:30.531 Disk 0 scanning C:\WINDOWS\system32\drivers
18:21:50.593 Service scanning
18:22:16.765 Modules scanning
18:22:26.500 Disk 0 trace - called modules:
18:22:26.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81e454b1]<<
18:22:26.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b3a030]
18:22:26.578 3 CLASSPNP.SYS[f7618fd7] -> nt!IofCallDriver -> \Device\00000065[0x86bc7158]
18:22:26.593 5 ACPI.sys[f749f620] -> nt!IofCallDriver -> [0x86b76028]
18:22:26.609 \Driver\iaStor[0x85d41da0] -> IRP_MJ_CREATE -> 0x81e454b1
18:22:27.390 AVAST engine scan C:\WINDOWS
18:22:34.156 AVAST engine scan C:\WINDOWS\system32
18:25:52.046 AVAST engine scan C:\WINDOWS\system32\drivers
18:26:08.296 AVAST engine scan C:\Documents and Settings\Michele Acampora
18:26:27.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat"
18:26:27.218 The log file has been saved successfully to "C:\Documents and Settings\Michele Acampora\Desktop\aswMBR.txt"
Jack&Jill
2012-11-26, 03:20
Hello and welcome to Safer Networking.
I am currently assessing your situation and will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please be patient with me during this time.
Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Michelea1976
2012-11-26, 04:30
Hello Jack&Jill,
Thank you for responding. I appreciate that.
I have new evidence of malware - my Avast anti-virus is blocking this website and a few other sites. I notice these problems happen when I am hooked up to the internet. When I was away for Thanksgiving Holiday, I had no service and the computer worked fine. The wave bar did not go down and I think it has to do with something in the SVCHost.exe file. This is what Avast tells me when the red pop-up tells me it was blocking a malicious site.
Edit -disabled links
Object: http://79.143.186.52/x/
Infection: URL:MAL
Process: C:\WINDOWS\system32\svchost.exe
The Object can also be these two sites:
http://novemberrainx.com
http:://wewillrocknow.com/x/
Hope this helps. I may have to do more logs for you. Once again, thank you so much for your help!!
Jack&Jill
2012-11-26, 07:14
Hello Michelea1976 :),
Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.
Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.
--------------------
Thanks for the new information. It will help narrow down the problem.
Scan with RogueKiller
Please download RogueKiller© by Tigzy and save it to your desktop. Click here. (http://tigzy.geekstogo.com/roguekiller.php)
Click on the blue button with arrow pointing downwards to the right of Mirror:.
Allow the download if prompted by your security software and please close all your programs.
Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan. Accept the EULA if prompted.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.
--------------------
Upload file(s) to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)
Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:
C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy the website address at the top of your browser and paste it in your reply.
Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.
A result from either one of the above scanners would be sufficient.
--------------------
Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.
Please download GMER and save it to your desktop. Click here. (http://www.gmer.net/download.php)
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.
--------------------
Please post back:
1. RogueKiller log
2. VT result
3. GMER log
Michelea1976
2012-11-27, 02:03
Hello,
I will always respond within 24 hours. I live on the East Coast of the USA and I work, so I will always respond ASAP. Here is the log for RogueKiller:
RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Michele Acampora [Admin rights]
Mode : Scan -- Date : 11/26/2012 18:22:31
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTHDCPL.EXE -- C:\WINDOWS\RTHDCPL.EXE -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\shed --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dc78608618cbe0bc8e4e065f319ee4ac
6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 2a077998b4f8079c339247a237313e36
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 2a077998b4f8079c339247a237313e36
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
Finished : << RKreport[1]_S_11262012_02d1822.txt >>
RKreport[1]_S_11262012_02d1822.txt
Here is the website for the Antivirus scan:
https://www.virustotal.com/file/4d2c167b75573849c4dc9dfa000822aaa521902c1d8007ac7017d3e8d5650020/analysis/1353972497/
**GMER Scan on next thread**
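The "MBR Check" block in the RogueKiller log above is doing three things: reading sector 0 of the disk through more than one path (the "User" read through the normal Windows API versus the "LL1"/"LL2" low-level reads), hashing the sector so the reads can be compared ("User != LL1 ... KO!" means the two copies differ), and decoding the four 16-byte partition-table entries to list type, active flag, hidden flag, sector offset and size. The Python below is an added illustration of that decoding and comparison, written for this thread; it is not RogueKiller's or aswMBR's code. The 512-byte sample sector is constructed here with the three partition entries from the log (offsets 63, 302246910 and 312496380; sector counts chosen so the sizes come out to 147581, 5004 and 39 MB), so its hashes will not match the ones in the log.

```python
import hashlib
import struct

SECTOR = 512
# Common MBR partition type IDs; the 0x1x range holds the "hidden" FAT variants
PARTITION_TYPES = {0x07: "NTFS", 0x0C: "FAT32-LBA", 0x1B: "FAT32 (hidden)",
                   0x1C: "FAT32-LBA (hidden)", 0xEF: "EFI"}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_mbr(entries, boot_code=b"\x33\xC0\x8E\xD0\xBC\x00\x7C"):
    """Construct a 512-byte MBR (constructed test data, not a real disk image).
    entries: up to four tuples (active, type_id, lba_start, sector_count)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code          # boot code lives in bytes 0..439
    for i, (active, type_id, start, count) in enumerate(entries[:4]):
        off = 446 + 16 * i                    # partition table starts at byte 446
        mbr[off] = 0x80 if active else 0x00   # status byte: 0x80 = bootable/active
        mbr[off + 4] = type_id                # partition type ID
        struct.pack_into("<II", mbr, off + 8, start, count)  # LBA start, sector count
    mbr[510:512] = b"\x55\xAA"                # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the partition table the way a scanner prints it (type, flags, offset, size)."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR sector (bad length or missing 55AA signature)")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0:                      # empty slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": type_id,
            "name": PARTITION_TYPES.get(type_id, "UNKNOWN"),
            "hidden": type_id in HIDDEN_TYPES,
            "offset": start,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def mbr_hashes(mbr):
    """MD5 of the whole sector and of the boot code alone (bytes 0..439)."""
    return {"sector_md5": hashlib.md5(mbr).hexdigest(),
            "bootcode_md5": hashlib.md5(mbr[:440]).hexdigest()}


def reads_agree(user_read, low_level_read):
    """The check behind 'User != LL1 ... KO!': the same sector fetched through two
    different paths must hash identically. A mismatch means one path saw different
    bytes and deserves a closer look; this function only reports, it never 'fixes'."""
    return mbr_hashes(user_read)["sector_md5"] == mbr_hashes(low_level_read)["sector_md5"]


# Constructed sample matching the offsets and MB sizes shown in the thread's log
SAMPLE_MBR = build_mbr([
    (True,  0x07, 63,        302246847),   # NTFS, active, 147581 MB
    (False, 0x1C, 302246910, 10249470),    # hidden FAT32-LBA, 5004 MB
    (False, 0xEF, 312496380, 80325),       # EFI, 39 MB
])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        flag = "HIDDEN!" if p["hidden"] else "VISIBLE"
        act = "ACTIVE" if p["active"] else "XXXXXX"
        print(f'{p["index"]} - [{act}] {p["name"]} (0x{p["type"]:02x}) [{flag}] '
              f'Offset (sectors): {p["offset"]} | Size: {p["size_mb"]} MB')
    print(mbr_hashes(SAMPLE_MBR))
    print("user vs low-level agree:", reads_agree(SAMPLE_MBR, SAMPLE_MBR))
```

On a real machine the two reads come from the scanner's own disk access, not from a constructed buffer; the point of the example is what the hashes and the partition table lines mean, and that a hidden type ID (0x1C here) is a normal vendor recovery partition on many laptops, so a "HIDDEN!" flag on its own is not evidence of infection.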
Michelea1976
2012-11-27, 02:05
I meant GMER Scan on next reply - have to break up this log... it's too long... LOL.
Here is the GMER Scan (I hope I did this right):
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-26 18:56:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST916031 rev.0303
Running: rggy0cfq.exe; Driver: C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\uwldypob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA457E4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA462BC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA457EED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA45C0811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA4589FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA4589FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA458A176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA45C01C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA4589F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA458A038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA4589F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA457F11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA458A130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA457F93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA457E508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA45C0ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA45C118D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA45831C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA45C0D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA45C0BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA462BCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA457E170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA457E556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA4583534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA45803A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA4589FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA458A016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA458A19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA45C0521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA4589F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA4582C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA458A0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA4589F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA4582F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA458A154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA462BE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA45C0A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA4580272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA45C087A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA457FDD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA46387D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA45BF838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA457E5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA457E5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA457F7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA457E1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA457E3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA45C0FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA457E350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA457FAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA457FC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA457E41A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA457F4D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA457F636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA462A41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA457E640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA457EF1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA4644E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA462BC
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, E5, 57, A4, F2, E5, 57, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, FA, 57, A4, 54, FC, 57, ...] {CLC ; CLI ; PUSH EDI; MOVSB ; PUSH ESP; CLD ; PUSH EDI; MOVSB ; SBB AH, AH; PUSH EDI; MOVSB }
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A4580A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A4641CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A4643810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A4644E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A4584B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A4584A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A45849F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP A45840A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP A45837C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP A4584CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP A4584EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP A45848FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP A4583688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP A458416A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP A4583C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP A4583EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP A4583670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP A4584A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP A4583CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP A4583E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP A4584182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP A4584BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP A4584E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP A4584090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP A4583834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP A4583944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP A4583A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP A4583B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP A458356A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP A45840C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP A4583760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP A45838F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP A4583FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP A4584D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002E01F8
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002E03FC
.text C:\WINDOWS\Explorer.EXE[236] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC0804
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BC0A08
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BC0600
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BC01F8
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BC03FC
.text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
.text C:\Program Files\iPod\bin\iPodService.exe[492] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009F1014
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009F0804
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009F0A08
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009F0C0C
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009F0E10
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009F01F8
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009F03FC
.text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009F0600
.text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009E0804
.text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009E0A08
.text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009E0600
.text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009E01F8
.text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00961014
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00960804
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00960A08
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00960C0C
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00960E10
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009601F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009603FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00960600
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A00804
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A00A08
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A00600
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A001F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A003FC
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002F01F8
.text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
.text C:\Program Files\Messenger\msmsgs.exe[1020] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A81014
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A80804
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A80A08
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A80C0C
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A80E10
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A801F8
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A803FC
.text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A80600
.text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A70804
.text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A70A08
.text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A70600
.text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A701F8
.text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A703FC
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3AA9
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!RtlRaiseException 7C90E528 5 Bytes JMP 001A3CC9
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A45B6
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A4617
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4687
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A46BA
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4820
.text C:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A47F6
.text C:\WINDOWS\System32\svchost.exe[1112] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4518
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009D0804
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009D0A08
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009D0600
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009D01F8
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009D03FC
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
Michelea1976
2012-11-27, 02:07
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D21014
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D20804
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D20A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D20C0C
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D20E10
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D201F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D203FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D20600
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D50804
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D50A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D50600
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D501F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D503FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C10A08
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C10600
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C101F8
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C103FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C21014
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C20804
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C20A08
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C20C0C
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C20E10
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C201F8
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C203FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C20600
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C40804
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C40A08
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C40600
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C401F8
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C403FC
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C51014
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C50804
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C50A08
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C50C0C
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C50E10
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C501F8
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C503FC
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C50600
.text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\alg.exe[2660] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00780804
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00780A08
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00780600
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007801F8
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007803FC
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00791014
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00790804
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00790A08
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00790C0C
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00790E10
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007901F8
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007903FC
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00790600
.text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\igfxtray.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804
.text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009B0A08
.text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009B0600
.text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009B01F8
.text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009B03FC
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
.text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600
.text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\hkcmd.exe[2732] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009B0A08
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009B0600
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009B01F8
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009B03FC
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D00804
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D00A08
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D00600
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D001F8
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D003FC
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D11014
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D10804
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D10A08
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D10C0C
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D10E10
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D101F8
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D103FC
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D10600
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BF0804
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BF0A08
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BF0600
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BF01F8
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BF03FC
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C01014
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C00804
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C00A08
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C00C0C
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C00E10
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C001F8
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C003FC
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C00600
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009A1014
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009A0804
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009A0A08
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009A0C0C
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009A0E10
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009A01F8
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009A03FC
.text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009A0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D81014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D80804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D80A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D80C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D80E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D80600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D70804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D70A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D70600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01725B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01967B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01967B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0172EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C10A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C10600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C101F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C103FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01967AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C21014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C20804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C20A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C20C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C20E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C201F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C203FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C20600
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009A1014
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009A0804
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009A0A08
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009A0C0C
Michelea1976
2012-11-27, 02:08
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009A0E10
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009A01F8
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009A03FC
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009A0600
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
.text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
.text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\igfxext.exe[3180] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C00804
.text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C00A08
.text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C00600
.text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C001F8
.text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C003FC
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C11014
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C10804
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C10A08
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C10C0C
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C10E10
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C101F8
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C103FC
.text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C10600
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C20804
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C20A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C20600
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C201F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C203FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C31014
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C30804
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C30A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C30C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C30E10
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C301F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C303FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C30600
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00BC1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00BC0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00BC0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00BC0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00BC0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00BC01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BC03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00BC0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BB0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BB0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BB0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BB01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BB03FC
.text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009D1014
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009D0804
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009D0A08
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009D0C0C
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009D0E10
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009D01F8
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009D03FC
.text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009D0600
.text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009C0804
.text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009C0A08
.text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009C0600
.text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009C01F8
.text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009C03FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00FB1014
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00FB0804
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00FB0A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00FB0C0C
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00FB0E10
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00FB01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00FB03FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00FB0600
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00FD0804
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00FD0A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00FD0600
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00FD01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00FD03FC
.text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\ctfmon.exe[3528] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AF1014
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AF0804
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AF0A08
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AF0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AF0E10
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AF01F8
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AF03FC
.text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AF0600
.text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009E0804
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009E0A08
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009E0600
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009E01F8
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009E03FC
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009F1014
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009F0804
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009F0A08
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009F0C0C
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009F0E10
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009F01F8
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009F03FC
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009F0600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E20804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E20A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E20600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E201F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E203FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00E31014
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00E30804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00E30A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00E30C0C
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00E30E10
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00E301F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E303FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00E30600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe[3944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe[3944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Michele Acampora\Local Settings\Temporary Internet Files\Content.IE5\J8JLDNS4\clients[1].txt 1 bytes
---- EOF - GMER 1.0.15 -
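The user-mode section of this GMER log is long but repetitive: nearly every process shows 5-byte JMPs from the same ntdll, USER32 and ADVAPI32 exports to destinations GMER could not attribute to a module (003B01F8, 009C01F8, 00D00804 and so on), while the firefox.exe entries are resolved to xul.dll. Below is an added example, not part of this thread and not GMER's own code, showing how a helper can triage such lines mechanically instead of reading hundreds of them: a parser for the ".text process[pid] module!export address N Bytes patch" layout plus a grouping of the unattributed JMP targets. The sample lines are constructed to match the log's layout. The point it surfaces from this log's pattern is that identical destination addresses and identical low-order slot offsets (01F8, 03FC, 0600, 0804, ...) recur across unrelated processes, which is what one hooking engine injecting the same stub table into every process looks like; on this machine the resident antivirus's self-protection is the plausible source, but that attribution is an assumption the log alone does not prove, and the unresolved targets are the ones a helper still checks by hand.

```python
"""Triage of GMER user-mode hook lines (added example, not from the thread)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines in the same layout as the log above; the addresses
# follow the log's pattern, the selection is ours.
SAMPLE_LOG = "\n".join([
    r".text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8",
    r".text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]",
    r".text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804",
    r".text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8",
    r".text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01725B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804",
    r".text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}",
])

# ".text <process>[<pid>] <module>!<export>[ + <offset>] <address> <n> Byte(s) <patch>"
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)(?: \+ (?P<off>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? (?P<patch>.*)$"
)
# A JMP patch, optionally followed by the module GMER resolved the target to.
JMP_RE = re.compile(r"^JMP (?P<dst>[0-9A-Fa-f]{8})(?: (?P<owner>.+))?$")


@dataclass
class Hook:
    proc: str
    pid: int
    module: str
    func: str
    offset: int            # offset into the export; 0 when the export itself is patched
    addr: int
    size: int
    patch: str
    jmp_dst: int | None = None
    owner: str | None = None   # module the JMP target was attributed to, if any


def parse_hooks(text: str) -> list[Hook]:
    """Parse every ".text" hook line; lines in another layout are ignored."""
    hooks: list[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        dst = owner = None
        j = JMP_RE.match(m["patch"])
        if j:
            dst = int(j["dst"], 16)
            owner = j["owner"]
        hooks.append(Hook(
            proc=m["proc"], pid=int(m["pid"]), module=m["mod"].lower(),
            func=m["func"], offset=int(m["off"] or "0", 16),
            addr=int(m["addr"], 16), size=int(m["size"]), patch=m["patch"],
            jmp_dst=dst, owner=owner,
        ))
    return hooks


def triage(hooks: list[Hook]) -> dict:
    """Separate attributed JMPs, unattributed JMPs and inline byte patches, and
    look for the same stub table showing up in more than one process."""
    attributed = [h for h in hooks if h.jmp_dst is not None and h.owner]
    unattributed = [h for h in hooks if h.jmp_dst is not None and not h.owner]
    inline = [h for h in hooks if h.jmp_dst is None]

    # Low 16 bits of the destination = slot inside a trampoline page. The same
    # slots recurring in many processes means one engine planted all of them.
    slot_pids: dict[int, set[int]] = defaultdict(set)
    # Same absolute destination in several processes: the stub sits at one
    # address everywhere, i.e. a shared module mapped at the same base.
    dst_pids: dict[int, set[int]] = defaultdict(set)
    for h in unattributed:
        slot_pids[h.jmp_dst & 0xFFFF].add(h.pid)
        dst_pids[h.jmp_dst].add(h.pid)

    return {
        "attributed": len(attributed),
        "unattributed": len(unattributed),
        "inline_patches": len(inline),
        "shared_slots": sorted(s for s, pids in slot_pids.items() if len(pids) > 1),
        "shared_destinations": sorted(d for d, pids in dst_pids.items() if len(pids) > 1),
        "hooked_exports": sorted({f"{h.module}!{h.func}" for h in unattributed}),
    }


if __name__ == "__main__":
    result = triage(parse_hooks(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Feed it the whole user-mode section of a GMER log and read `hooked_exports` first: a short, fixed list of loader, window-hook and service-control APIs hooked identically everywhere is a product-wide engine; a hook that appears in one process only, or a destination nobody else shares, is the line worth pulling apart.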
Jack&Jill
2012-11-27, 12:54
Hello Michelea1976 :),
No worries about the timing as long as you do not disappear all of a sudden.
Care to share with me what you used these programs for?
EzMessenger
Michele's Ledger
--------------------
RogueKiller in action
Please rerun RogueKiller. Try a few times if it does not run.
Click on Scan.
Go to the Registry tab and uncheck (untick) the following:
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Click Delete.
Get the result via the Report button and post back the contents of the log.
--------------------
Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)
Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Click on Change parameters, then check (tick) Verify driver digital signatures and Detect TDLFS file system.
Click OK and press Start scan to begin.
If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed with other actions.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.
--------------------
Please download OTL© by OldTimer from one of the links below and save it to your desktop.
Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)
Scan with OTL
Double click on OTL.exe to run it.
Make sure all the Use SafeList options are checked (selected). There are five of them.
Under the Modules section, please select No Company Name.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.
--------------------
Please post back:
1. the answers to my questions on the programs
2. new RogueKiller log
3. TDSSKiller report
4. OTL logs
Michelea1976
2012-11-28, 01:10
Hello Jack&Jill,
I don't know what EzMessenger is, but Michele's Ledger is a program a friend wrote for me to keep track of my expenses. I never used it, so I will uninstall it if you think it is interfering somehow. Let me know if I should uninstall EzMessenger as well.
RogueKiller:
RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Michele Acampora [Admin rights]
Mode : Remove -- Date : 11/27/2012 18:00:34
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTHDCPL.EXE -- C:\WINDOWS\RTHDCPL.EXE -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] ROOT : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\shed --> REMOVED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dc78608618cbe0bc8e4e065f319ee4ac
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 2a077998b4f8079c339247a237313e36
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 2a077998b4f8079c339247a237313e36
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
Finished : << RKreport[2]_D_11272012_02d1800.txt >>
RKreport[1]_S_11272012_02d1751.txt ; RKreport[2]_D_11272012_02d1800.txt
Michelea1976
2012-11-28, 01:11
18:02:25.0140 3072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:02:25.0765 3072 ============================================================
18:02:25.0765 3072 Current date / time: 2012/11/27 18:02:25.0765
18:02:25.0765 3072 SystemInfo:
18:02:25.0765 3072
18:02:25.0765 3072 OS Version: 5.1.2600 ServicePack: 3.0
18:02:25.0765 3072 Product type: Workstation
18:02:25.0765 3072 ComputerName: MICHELE
18:02:25.0765 3072 UserName: Michele Acampora
18:02:25.0765 3072 Windows directory: C:\WINDOWS
18:02:25.0765 3072 System windows directory: C:\WINDOWS
18:02:25.0765 3072 Processor architecture: Intel x86
18:02:25.0765 3072 Number of processors: 2
18:02:25.0765 3072 Page size: 0x1000
18:02:25.0765 3072 Boot type: Normal boot
18:02:25.0765 3072 ============================================================
18:02:26.0968 3072 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:02:26.0968 3072 ============================================================
18:02:26.0968 3072 \Device\Harddisk0\DR0:
18:02:26.0968 3072 MBR partitions:
18:02:26.0968 3072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
18:02:26.0968 3072 ============================================================
18:02:27.0015 3072 C: <-> \Device\Harddisk0\DR0\Partition1
18:02:27.0015 3072 ============================================================
18:02:27.0015 3072 Initialize success
18:02:27.0015 3072 ============================================================
18:03:27.0656 2736 ============================================================
18:03:27.0656 2736 Scan started
18:03:27.0656 2736 Mode: Manual; SigCheck; TDLFS;
18:03:27.0656 2736 ============================================================
18:03:28.0937 2736 ================ Scan system memory ========================
18:03:28.0953 2736 System memory - ok
18:03:28.0953 2736 ================ Scan services =============================
18:03:29.0156 2736 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:03:29.0562 2736 !SASCORE - ok
18:03:29.0718 2736 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
18:03:29.0875 2736 Aavmker4 - ok
18:03:29.0890 2736 Abiosdsk - ok
18:03:29.0890 2736 abp480n5 - ok
18:03:29.0937 2736 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:03:31.0250 2736 ACPI - ok
18:03:31.0296 2736 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:03:31.0562 2736 ACPIEC - ok
18:03:31.0671 2736 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:31.0734 2736 AdobeFlashPlayerUpdateSvc - ok
18:03:31.0750 2736 adpu160m - ok
18:03:31.0828 2736 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:03:32.0140 2736 aec - ok
18:03:32.0203 2736 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:03:32.0390 2736 AFD - ok
18:03:32.0406 2736 Aha154x - ok
18:03:32.0437 2736 aic78u2 - ok
18:03:32.0453 2736 aic78xx - ok
18:03:32.0500 2736 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:03:32.0875 2736 Alerter - ok
18:03:32.0921 2736 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:03:33.0062 2736 ALG - ok
18:03:33.0078 2736 AliIde - ok
18:03:33.0171 2736 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
18:03:33.0468 2736 Ambfilt - ok
18:03:33.0468 2736 amsint - ok
18:03:33.0562 2736 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:03:33.0609 2736 Apple Mobile Device - ok
18:03:33.0625 2736 AppMgmt - ok
18:03:33.0718 2736 [ E0EE769D14128014965E03B433F5F46E ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
18:03:33.0953 2736 AR5416 - ok
18:03:33.0968 2736 asc - ok
18:03:33.0984 2736 asc3350p - ok
18:03:34.0015 2736 asc3550 - ok
18:03:34.0187 2736 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:03:34.0281 2736 aspnet_state - ok
18:03:34.0343 2736 [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO C:\WINDOWS\system32\drivers\AsUpIO.sys
18:03:34.0390 2736 AsUpIO - ok
18:03:34.0437 2736 [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
18:03:34.0546 2736 AsusACPI - ok
18:03:34.0609 2736 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:03:34.0671 2736 aswFsBlk - ok
18:03:34.0718 2736 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
18:03:34.0796 2736 aswMon2 - ok
18:03:34.0828 2736 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
18:03:34.0890 2736 aswRdr - ok
18:03:34.0968 2736 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
18:03:35.0078 2736 aswSnx - ok
18:03:35.0125 2736 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
18:03:35.0187 2736 aswSP - ok
18:03:35.0203 2736 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
18:03:35.0234 2736 aswTdi - ok
18:03:35.0343 2736 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:03:35.0625 2736 AsyncMac - ok
18:03:35.0656 2736 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
18:03:35.0984 2736 atapi - ok
18:03:35.0984 2736 Atdisk - ok
18:03:36.0031 2736 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:03:36.0296 2736 Atmarpc - ok
18:03:36.0359 2736 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:03:36.0625 2736 AudioSrv - ok
18:03:36.0671 2736 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:03:36.0953 2736 audstub - ok
18:03:37.0046 2736 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:03:37.0078 2736 avast! Antivirus - ok
18:03:37.0187 2736 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:03:37.0250 2736 BBSvc - ok
18:03:37.0328 2736 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:03:37.0390 2736 BBUpdate - ok
18:03:37.0437 2736 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:03:37.0765 2736 Beep - ok
18:03:37.0796 2736 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:03:38.0109 2736 BITS - ok
18:03:38.0171 2736 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:03:38.0218 2736 Bonjour Service - ok
18:03:38.0281 2736 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:03:38.0375 2736 Browser - ok
18:03:38.0390 2736 btaudio - ok
18:03:38.0406 2736 BTDriver - ok
18:03:38.0421 2736 BTWDNDIS - ok
18:03:38.0437 2736 btwhid - ok
18:03:38.0453 2736 BTWUSB - ok
18:03:38.0484 2736 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:03:38.0750 2736 cbidf2k - ok
18:03:38.0796 2736 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:03:39.0062 2736 CCDECODE - ok
18:03:39.0078 2736 cd20xrnt - ok
18:03:39.0125 2736 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:03:39.0390 2736 Cdaudio - ok
18:03:39.0421 2736 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:03:39.0671 2736 Cdfs - ok
18:03:39.0718 2736 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:03:39.0968 2736 Cdrom - ok
18:03:39.0984 2736 Changer - ok
18:03:40.0015 2736 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:03:40.0281 2736 CiSvc - ok
18:03:40.0296 2736 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:03:40.0562 2736 ClipSrv - ok
18:03:40.0609 2736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:40.0718 2736 clr_optimization_v2.0.50727_32 - ok
18:03:40.0765 2736 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:03:41.0000 2736 CmBatt - ok
18:03:41.0015 2736 CmdIde - ok
18:03:41.0046 2736 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:03:41.0312 2736 Compbatt - ok
18:03:41.0328 2736 COMSysApp - ok
18:03:41.0375 2736 Cpqarray - ok
18:03:41.0421 2736 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:03:41.0703 2736 CryptSvc - ok
18:03:41.0703 2736 dac2w2k - ok
18:03:41.0734 2736 dac960nt - ok
18:03:41.0781 2736 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:03:41.0937 2736 DcomLaunch - ok
18:03:42.0000 2736 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:03:42.0265 2736 Dhcp - ok
18:03:42.0343 2736 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:03:42.0656 2736 Disk - ok
18:03:42.0671 2736 dmadmin - ok
18:03:42.0734 2736 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:03:43.0062 2736 dmboot - ok
18:03:43.0093 2736 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:03:43.0359 2736 dmio - ok
18:03:43.0390 2736 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:03:43.0640 2736 dmload - ok
18:03:43.0671 2736 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:03:43.0937 2736 dmserver - ok
18:03:43.0984 2736 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:03:44.0218 2736 DMusic - ok
18:03:44.0406 2736 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:03:44.0546 2736 Dnscache - ok
18:03:44.0593 2736 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:03:44.0843 2736 Dot3svc - ok
18:03:44.0859 2736 dpti2o - ok
18:03:44.0906 2736 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:03:45.0140 2736 drmkaud - ok
18:03:45.0187 2736 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:03:46.0109 2736 EapHost - ok
18:03:46.0156 2736 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:03:46.0437 2736 ERSvc - ok
18:03:46.0593 2736 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:03:46.0687 2736 Eventlog - ok
18:03:46.0718 2736 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:03:46.0843 2736 EventSystem - ok
18:03:46.0906 2736 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:03:47.0171 2736 Fastfat - ok
18:03:47.0265 2736 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:03:47.0375 2736 FastUserSwitchingCompatibility - ok
18:03:47.0437 2736 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:03:47.0718 2736 Fdc - ok
18:03:47.0765 2736 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:03:48.0109 2736 Fips - ok
18:03:48.0140 2736 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:03:48.0390 2736 Flpydisk - ok
18:03:48.0453 2736 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:03:48.0734 2736 FltMgr - ok
18:03:48.0812 2736 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:03:48.0859 2736 FontCache3.0.0.0 - ok
18:03:48.0906 2736 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:03:48.0953 2736 fssfltr - ok
18:03:49.0046 2736 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:03:49.0140 2736 fsssvc - ok
18:03:49.0187 2736 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:03:49.0593 2736 Fs_Rec - ok
18:03:49.0656 2736 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:03:49.0937 2736 Ftdisk - ok
18:03:49.0968 2736 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:03:50.0015 2736 GEARAspiWDM - ok
18:03:50.0046 2736 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:03:50.0359 2736 Gpc - ok
18:03:50.0468 2736 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:03:50.0515 2736 gupdate - ok
18:03:50.0531 2736 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:03:50.0562 2736 gupdatem - ok
18:03:50.0609 2736 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:03:50.0656 2736 gusvc - ok
18:03:50.0703 2736 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:03:50.0984 2736 HDAudBus - ok
18:03:51.0078 2736 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:03:51.0421 2736 helpsvc - ok
18:03:51.0453 2736 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:03:51.0718 2736 HidServ - ok
18:03:51.0765 2736 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:03:52.0031 2736 HidUsb - ok
18:03:52.0062 2736 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:03:52.0328 2736 hkmsvc - ok
18:03:52.0343 2736 hpn - ok
18:03:52.0406 2736 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:03:52.0468 2736 HTTP - ok
18:03:52.0515 2736 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:03:52.0781 2736 HTTPFilter - ok
18:03:52.0796 2736 i2omgmt - ok
18:03:52.0828 2736 i2omp - ok
18:03:52.0875 2736 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:03:53.0140 2736 i8042prt - ok
18:03:53.0390 2736 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:03:54.0062 2736 ialm - ok
18:03:54.0140 2736 [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
18:03:54.0187 2736 iaStor - ok
18:03:54.0343 2736 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:03:54.0531 2736 idsvc - ok
18:03:54.0625 2736 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:03:54.0890 2736 Imapi - ok
18:03:54.0937 2736 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:03:55.0203 2736 ImapiService - ok
18:03:55.0234 2736 ini910u - ok
18:03:55.0453 2736 [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:03:56.0062 2736 IntcAzAudAddService - ok
18:03:56.0093 2736 IntelIde - ok
18:03:56.0140 2736 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:03:56.0437 2736 intelppm - ok
18:03:56.0468 2736 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:03:56.0734 2736 Ip6Fw - ok
18:03:56.0765 2736 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:03:57.0046 2736 IpFilterDriver - ok
18:03:57.0046 2736 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:03:57.0296 2736 IpInIp - ok
18:03:57.0375 2736 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:03:57.0703 2736 IpNat - ok
18:03:57.0765 2736 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:03:57.0828 2736 iPod Service - ok
18:03:57.0859 2736 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:03:58.0156 2736 IPSec - ok
18:03:58.0187 2736 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:03:58.0312 2736 IRENUM - ok
18:03:58.0406 2736 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:03:58.0671 2736 isapnp - ok
18:03:58.0765 2736 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:03:58.0812 2736 JavaQuickStarterService - ok
18:03:58.0875 2736 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:03:59.0140 2736 Kbdclass - ok
18:03:59.0156 2736 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
18:03:59.0203 2736 kbfiltr - ok
18:03:59.0234 2736 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:03:59.0515 2736 kmixer - ok
18:03:59.0578 2736 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:03:59.0703 2736 KSecDD - ok
18:03:59.0750 2736 [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:03:59.0859 2736 L1c - ok
18:03:59.0921 2736 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:04:00.0046 2736 LanmanServer - ok
18:04:00.0109 2736 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:04:00.0296 2736 lanmanworkstation - ok
18:04:00.0312 2736 lbrtfdc - ok
18:04:00.0437 2736 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:04:00.0828 2736 LmHosts - ok
18:04:00.0859 2736 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:04:01.0125 2736 Messenger - ok
18:04:01.0171 2736 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:04:01.0437 2736 mnmdd - ok
18:04:01.0453 2736 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:04:01.0734 2736 mnmsrvc - ok
18:04:01.0765 2736 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:04:02.0015 2736 Modem - ok
18:04:02.0078 2736 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:04:02.0281 2736 Monfilt - ok
18:04:02.0359 2736 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:04:02.0671 2736 Mouclass - ok
18:04:02.0703 2736 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:04:02.0984 2736 mouhid - ok
18:04:03.0015 2736 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:04:03.0281 2736 MountMgr - ok
18:04:03.0390 2736 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:03.0500 2736 MozillaMaintenance - ok
18:04:03.0515 2736 mraid35x - ok
18:04:03.0578 2736 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:04:03.0875 2736 MRxDAV - ok
18:04:03.0906 2736 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:04:04.0031 2736 MRxSmb - ok
18:04:04.0062 2736 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:04:04.0312 2736 MSDTC - ok
18:04:04.0406 2736 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:04:04.0671 2736 Msfs - ok
18:04:04.0687 2736 MSIServer - ok
18:04:04.0734 2736 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:04:04.0984 2736 MSKSSRV - ok
18:04:05.0000 2736 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:04:05.0250 2736 MSPCLOCK - ok
18:04:05.0265 2736 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:04:05.0531 2736 MSPQM - ok
18:04:05.0578 2736 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:04:05.0843 2736 mssmbios - ok
18:04:05.0859 2736 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:04:06.0109 2736 MSTEE - ok
18:04:06.0156 2736 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:04:06.0250 2736 Mup - ok
18:04:06.0265 2736 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:04:06.0546 2736 NABTSFEC - ok
18:04:06.0593 2736 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:04:07.0109 2736 napagent - ok
18:04:07.0140 2736 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:04:07.0390 2736 NDIS - ok
18:04:07.0421 2736 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:04:07.0671 2736 NdisIP - ok
18:04:07.0718 2736 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:04:07.0812 2736 NdisTapi - ok
18:04:07.0859 2736 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:04:08.0109 2736 Ndisuio - ok
18:04:08.0125 2736 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:04:08.0390 2736 NdisWan - ok
18:04:08.0453 2736 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:04:08.0515 2736 NDProxy - ok
18:04:08.0546 2736 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:04:08.0812 2736 NetBIOS - ok
18:04:08.0859 2736 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:04:09.0156 2736 NetBT - ok
18:04:09.0171 2736 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:04:09.0453 2736 NetDDE - ok
18:04:09.0468 2736 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:04:09.0718 2736 NetDDEdsdm - ok
18:04:09.0765 2736 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:04:10.0046 2736 Netlogon - ok
18:04:10.0093 2736 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:04:10.0390 2736 Netman - ok
18:04:10.0437 2736 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:10.0484 2736 NetTcpPortSharing - ok
18:04:10.0500 2736 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:04:10.0593 2736 Nla - ok
18:04:10.0640 2736 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:04:10.0921 2736 Npfs - ok
18:04:10.0984 2736 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:04:11.0265 2736 Ntfs - ok
18:04:11.0296 2736 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:04:11.0546 2736 NtLmSsp - ok
18:04:11.0578 2736 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:04:11.0859 2736 NtmsSvc - ok
18:04:11.0906 2736 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:04:12.0171 2736 Null - ok
18:04:12.0203 2736 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:04:12.0453 2736 NwlnkFlt - ok
18:04:12.0468 2736 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:04:12.0734 2736 NwlnkFwd - ok
18:04:12.0828 2736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:04:12.0906 2736 odserv - ok
18:04:12.0984 2736 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:13.0015 2736 ose - ok
18:04:13.0421 2736 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:04:14.0000 2736 osppsvc - ok
18:04:14.0046 2736 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:04:14.0296 2736 Parport - ok
18:04:14.0421 2736 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:04:14.0703 2736 PartMgr - ok
18:04:14.0750 2736 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:04:14.0984 2736 ParVdm - ok
18:04:15.0015 2736 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:04:15.0281 2736 PCI - ok
18:04:15.0296 2736 PCIDump - ok
18:04:15.0312 2736 PCIIde - ok
18:04:15.0375 2736 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:04:15.0640 2736 Pcmcia - ok
18:04:15.0656 2736 PDCOMP - ok
18:04:15.0671 2736 PDFRAME - ok
18:04:15.0687 2736 PDRELI - ok
18:04:15.0703 2736 PDRFRAME - ok
18:04:15.0718 2736 perc2 - ok
18:04:15.0734 2736 perc2hib - ok
18:04:16.0015 2736 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:04:16.0109 2736 PlugPlay - ok
18:04:16.0109 2736 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:04:16.0390 2736 PolicyAgent - ok
18:04:16.0453 2736 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:04:16.0750 2736 PptpMiniport - ok
18:04:16.0765 2736 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:04:17.0015 2736 ProtectedStorage - ok
18:04:17.0031 2736 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:04:17.0265 2736 PSched - ok
18:04:17.0281 2736 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:04:17.0578 2736 Ptilink - ok
18:04:17.0593 2736 ql1080 - ok
18:04:17.0609 2736 Ql10wnt - ok
18:04:17.0625 2736 ql12160 - ok
18:04:17.0640 2736 ql1240 - ok
18:04:17.0656 2736 ql1280 - ok
18:04:17.0703 2736 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:04:17.0937 2736 RasAcd - ok
18:04:17.0968 2736 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:04:18.0250 2736 RasAuto - ok
18:04:18.0359 2736 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:04:18.0609 2736 Rasl2tp - ok
18:04:18.0640 2736 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:04:18.0953 2736 RasMan - ok
18:04:18.0968 2736 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:04:19.0203 2736 RasPppoe - ok
18:04:19.0218 2736 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:04:19.0484 2736 Raspti - ok
18:04:19.0515 2736 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:04:19.0765 2736 Rdbss - ok
18:04:19.0796 2736 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:04:20.0062 2736 RDPCDD - ok
18:04:20.0125 2736 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:04:20.0265 2736 RDPWD - ok
18:04:20.0390 2736 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:04:20.0687 2736 RDSessMgr - ok
18:04:20.0734 2736 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:04:21.0015 2736 redbook - ok
18:04:21.0062 2736 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:04:21.0312 2736 RemoteAccess - ok
18:04:21.0343 2736 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:04:21.0609 2736 RpcLocator - ok
18:04:21.0656 2736 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:04:21.0750 2736 RpcSs - ok
18:04:21.0781 2736 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:04:22.0062 2736 RSVP - ok
18:04:22.0093 2736 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:04:22.0359 2736 SamSs - ok
18:04:22.0453 2736 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:04:22.0515 2736 SASDIFSV - ok
18:04:22.0546 2736 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:04:22.0578 2736 SASKUTIL - ok
18:04:22.0625 2736 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:04:22.0921 2736 SCardSvr - ok
18:04:22.0984 2736 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:04:23.0312 2736 Schedule - ok
18:04:23.0500 2736 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
18:04:23.0656 2736 SDScannerService - ok
18:04:23.0718 2736 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:04:23.0875 2736 SDUpdateService - ok
18:04:23.0906 2736 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:04:23.0953 2736 SDWSCService - ok
18:04:24.0000 2736 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:04:24.0125 2736 Secdrv - ok
18:04:24.0171 2736 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:04:24.0421 2736 seclogon - ok
18:04:24.0468 2736 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:04:24.0765 2736 SENS - ok
18:04:24.0781 2736 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:04:25.0031 2736 Serial - ok
18:04:25.0093 2736 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:04:25.0375 2736 Sfloppy - ok
18:04:25.0406 2736 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:04:25.0671 2736 SharedAccess - ok
18:04:25.0718 2736 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:04:25.0781 2736 ShellHWDetection - ok
18:04:25.0796 2736 Simbad - ok
18:04:25.0859 2736 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:04:25.0906 2736 SkypeUpdate - ok
18:04:25.0921 2736 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:04:26.0171 2736 SLIP - ok
18:04:26.0281 2736 [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
18:04:26.0468 2736 SNP2UVC - ok
18:04:26.0484 2736 Sparrow - ok
18:04:26.0562 2736 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:04:26.0875 2736 splitter - ok
18:04:26.0921 2736 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:04:27.0046 2736 Spooler - ok
18:04:27.0109 2736 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:04:27.0250 2736 sr - ok
18:04:27.0281 2736 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:04:27.0406 2736 srservice - ok
18:04:27.0468 2736 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:04:27.0609 2736 Srv - ok
18:04:27.0671 2736 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:04:27.0843 2736 SSDPSRV - ok
18:04:27.0906 2736 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:04:28.0312 2736 stisvc - ok
18:04:28.0343 2736 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:04:28.0625 2736 streamip - ok
18:04:28.0656 2736 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:04:28.0890 2736 swenum - ok
18:04:28.0921 2736 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:04:29.0171 2736 swmidi - ok
18:04:29.0187 2736 SwPrv - ok
18:04:29.0203 2736 symc810 - ok
18:04:29.0218 2736 symc8xx - ok
18:04:29.0234 2736 sym_hi - ok
18:04:29.0250 2736 sym_u3 - ok
18:04:29.0343 2736 [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:04:29.0390 2736 SynTP - ok
18:04:29.0421 2736 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:04:29.0671 2736 sysaudio - ok
18:04:29.0718 2736 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:04:29.0984 2736 SysmonLog - ok
18:04:30.0046 2736 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:04:30.0343 2736 TapiSrv - ok
18:04:30.0406 2736 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:04:30.0468 2736 Tcpip - ok
18:04:30.0515 2736 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:04:30.0765 2736 TDPIPE - ok
18:04:30.0796 2736 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:04:31.0062 2736 TDTCP - ok
18:04:31.0109 2736 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:04:31.0359 2736 TermDD - ok
18:04:31.0390 2736 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:04:31.0687 2736 TermService - ok
18:04:31.0718 2736 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:04:31.0796 2736 Themes - ok
18:04:31.0828 2736 TosIde - ok
18:04:31.0875 2736 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:04:32.0171 2736 TrkWks - ok
18:04:32.0203 2736 [ 2AA8F32C3DA1E7BC11669E3E72BFF1A5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
18:04:32.0250 2736 TrueSight ( UnsignedFile.Multi.Generic ) - warning
18:04:32.0250 2736 TrueSight - detected UnsignedFile.Multi.Generic (1)
18:04:32.0296 2736 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:04:32.0625 2736 Udfs - ok
18:04:32.0625 2736 ultra - ok
18:04:32.0703 2736 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:04:33.0015 2736 Update - ok
18:04:33.0046 2736 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:04:33.0187 2736 upnphost - ok
18:04:33.0218 2736 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:04:33.0578 2736 UPS - ok
18:04:33.0625 2736 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:04:33.0890 2736 usbccgp - ok
18:04:33.0937 2736 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:04:34.0203 2736 usbehci - ok
18:04:34.0234 2736 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:04:34.0531 2736 usbhub - ok
18:04:34.0562 2736 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:04:34.0812 2736 usbstor - ok
18:04:34.0859 2736 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:04:35.0125 2736 usbuhci - ok
18:04:35.0156 2736 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:04:35.0406 2736 usbvideo - ok
18:04:35.0437 2736 [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf C:\WINDOWS\system32\DRIVERS\uvclf.sys
18:04:35.0500 2736 uvclf - ok
18:04:35.0531 2736 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:04:35.0781 2736 VgaSave - ok
18:04:35.0781 2736 ViaIde - ok
18:04:35.0843 2736 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:04:36.0109 2736 VolSnap - ok
18:04:36.0156 2736 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:04:36.0296 2736 VSS - ok
18:04:36.0359 2736 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:04:36.0640 2736 W32Time - ok
18:04:36.0671 2736 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:04:36.0968 2736 Wanarp - ok
18:04:37.0015 2736 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:04:37.0093 2736 Wdf01000 - ok
18:04:37.0109 2736 WDICA - ok
18:04:37.0140 2736 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:04:37.0390 2736 wdmaud - ok
18:04:37.0453 2736 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:04:37.0734 2736 WebClient - ok
18:04:37.0828 2736 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:04:38.0109 2736 winmgmt - ok
18:04:38.0171 2736 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:04:38.0281 2736 WmdmPmSN - ok
18:04:38.0390 2736 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:04:38.0656 2736 WmiApSrv - ok
18:04:38.0750 2736 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:04:38.0875 2736 WMPNetworkSvc - ok
18:04:38.0937 2736 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:04:39.0281 2736 wscsvc - ok
18:04:39.0343 2736 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:04:39.0640 2736 WSTCODEC - ok
18:04:39.0687 2736 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:04:39.0968 2736 wuauserv - ok
18:04:40.0000 2736 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:04:40.0093 2736 WudfPf - ok
18:04:40.0109 2736 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:04:40.0171 2736 WudfRd - ok
18:04:40.0203 2736 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:04:40.0281 2736 WudfSvc - ok
18:04:40.0343 2736 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:04:40.0687 2736 WZCSVC - ok
18:04:40.0734 2736 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:04:41.0015 2736 xmlprov - ok
18:04:41.0046 2736 ================ Scan global ===============================
18:04:41.0078 2736 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:04:41.0140 2736 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:04:41.0218 2736 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:04:41.0281 2736 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:04:41.0312 2736 [Global] - ok
18:04:41.0312 2736 ================ Scan MBR ==================================
18:04:41.0312 2736 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:04:41.0312 2736 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:04:41.0406 2736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:04:41.0406 2736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:04:41.0468 2736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:04:41.0468 2736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:04:41.0468 2736 ================ Scan VBR ==================================
18:04:41.0515 2736 [ B055A910E0D627B4724382EDCA5AF673 ] \Device\Harddisk0\DR0\Partition1
18:04:41.0515 2736 \Device\Harddisk0\DR0\Partition1 - ok
18:04:41.0515 2736 ============================================================
18:04:41.0515 2736 Scan finished
18:04:41.0515 2736 ============================================================
18:04:41.0656 3460 Detected object count: 3
18:04:41.0656 3460 Actual detected object count: 3
18:09:09.0906 3460 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:09.0906 3460 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:09.0906 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
18:09:09.0906 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
18:09:09.0921 3460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:09:09.0921 3460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Michelea1976
2012-11-28, 02:00
OTL logfile created on: 11/27/2012 6:14:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michele Acampora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.17 Mb Total Physical Memory | 379.97 Mb Available Physical Memory | 37.43% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 47.51 Gb Free Space | 32.96% Space Free | Partition Type: NTFS
Computer Name: MICHELE | User Name: Michele Acampora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/27 18:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele Acampora\Desktop\OTL.exe
PRC - [2012/11/27 18:02:14 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michele Acampora\Desktop\tdsskiller.exe
PRC - [2012/11/18 20:38:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/10/28 09:08:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/29 22:22:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/29 10:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/12/29 18:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
PRC - [2009/12/11 23:14:58 | 000,994,216 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/06/26 16:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/05/08 19:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/04/30 13:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/27 13:01:24 | 002,034,176 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12112701\algo.dll
MOD - [2012/11/27 03:19:43 | 002,034,176 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12112700\algo.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/10/28 09:07:57 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/01/29 10:23:40 | 000,161,768 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll
MOD - [2010/01/29 10:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
MOD - [2010/01/29 10:17:26 | 000,120,808 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll
MOD - [2009/12/29 18:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
MOD - [2009/08/27 19:29:08 | 000,182,240 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/18 20:38:00 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/28 09:07:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 21:47:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012/11/18 20:37:53 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/11/18 20:37:53 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/06 01:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/04/27 06:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 19:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/02 00:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/19 04:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/11/03 18:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 21:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/29 22:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/19 06:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 09:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/05/10 22:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele Acampora\Application Data\Mozilla\Extensions
[2012/11/24 21:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele Acampora\Application Data\Mozilla\Firefox\Profiles\01tzrdl6.default\extensions
[2012/11/24 21:33:56 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Michele Acampora\Application Data\Mozilla\Firefox\Profiles\01tzrdl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/28 09:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 00:26:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/29 11:38:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/28 09:08:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/14 20:01:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 03:27:50 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2187696690-1671407227-2517261909-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbia.webex.com/client/WBXclient-T27L10NSP25EP11-14378/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7896FF03-9763-4ED2-BF51-E8095EF9E354}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michele Acampora\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michele Acampora\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 20:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/27 18:13:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michele Acampora\Desktop\OTL.exe
[2012/11/27 18:02:13 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michele Acampora\Desktop\tdsskiller.exe
[2012/11/26 18:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele Acampora\Desktop\RK_Quarantine
[2012/11/26 18:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele Acampora\Desktop\Scans and Logs for anti-malware programs
[2012/11/24 19:21:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michele Acampora\Recent
[2012/11/19 20:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele Acampora\My Documents\ProcAlyzer Dumps
[2012/11/19 18:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/11/19 18:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/11/19 18:42:14 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/11/19 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/11/19 17:51:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michele Acampora\Start Menu\Programs\Administrative Tools
[2012/11/19 17:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/11/19 17:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/11/19 17:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/11/14 13:25:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michele Acampora\My Documents\cache
[2012/11/14 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele Acampora\Application Data\webex
[2012/11/10 23:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele Acampora\Desktop\FLASH DRIVE CONTENTS
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/27 18:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele Acampora\Desktop\OTL.exe
[2012/11/27 18:12:07 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/27 18:02:14 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michele Acampora\Desktop\tdsskiller.exe
[2012/11/27 17:47:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/27 17:46:05 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/27 07:23:56 | 000,442,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/27 07:23:56 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/27 07:20:15 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2187696690-1671407227-2517261909-1006.job
[2012/11/27 07:19:57 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2187696690-1671407227-2517261909-1006.job
[2012/11/27 07:19:12 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 07:19:11 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/11/27 07:18:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/26 22:01:01 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/26 19:18:00 | 000,117,844 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\Document.rtf
[2012/11/26 18:34:19 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe
[2012/11/26 18:19:58 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\RogueKiller.exe
[2012/11/19 20:02:20 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2012/11/19 18:42:50 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/11/19 18:42:50 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/11/19 18:42:34 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\Spybot-S&D Start Center.lnk
[2012/11/19 18:26:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
[2012/11/19 17:49:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michele Acampora\Desktop\ERUNT.lnk
[2012/11/19 06:12:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/14 04:39:46 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/30 18:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/26 19:18:00 | 000,117,844 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\Document.rtf
[2012/11/26 18:34:19 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe
[2012/11/26 18:19:57 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\RogueKiller.exe
[2012/11/19 18:42:49 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/11/19 18:42:48 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/11/19 18:42:48 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/11/19 18:42:34 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/11/19 18:42:34 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\Spybot-S&D Start Center.lnk
[2012/11/19 18:26:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
[2012/11/19 17:49:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Desktop\ERUNT.lnk
[2012/10/28 22:15:34 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/02/16 12:23:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/02 20:23:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/10 23:35:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/25 21:38:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/28 19:16:16 | 000,078,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/16 11:25:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/10 22:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/04 22:58:49 | 000,008,338 | ---- | C] () -- C:\Documents and Settings\Michele Acampora\Application Data\wklnhst.dat
========== ZeroAccess Check ==========
[2010/01/07 13:55:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 00:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/08/13 16:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 03:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EBI
[2011/06/25 14:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hM24902IeGaL24902
[2010/01/07 13:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/05/24 03:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSMR
[2010/06/25 16:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/26 08:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele Acampora\Application Data\Asus
[2010/08/15 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele Acampora\Application Data\Template
[2012/11/14 13:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele Acampora\Application Data\webex
========== Purity Check ==========
< End of report >
Michelea1976
2012-11-28, 02:03
OTL Extras logfile created on: 11/27/2012 6:14:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michele Acampora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.17 Mb Total Physical Memory | 379.97 Mb Available Physical Memory | 37.43% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 47.51 Gb Free Space | 32.96% Space Free | Partition Type: NTFS
Computer Name: MICHELE | User Name: Michele Acampora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-2187696690-1671407227-2517261909-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1D6F1E5D-6C4A-4BFC-8979-936CD8B94E97}" = Michele's Ledger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BEB27D1-0CBC-4B3D-8FE1-18CDDB74AED0}" = EeeSplendid
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
Jack&Jill
2012-11-28, 16:35
Hello Michelea1976 :),
As indicated by TDSSKiller, you are infected with Rootkit.Boot.Pihar.c which has backdoor capabilities. Personally, I would reformat my computer, but for your computer you need to make that decision.
Please read this regarding the concerns to help you decide:
Remote Access Infections ... (why you should repave) (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=60204)
If you wish to try cleaning, proceed below. Otherwise, stop and let me know.
--------------------
Please uninstall SUPERAntiSpyware as you already have Avast and Spybot. Having too many antispyware programs may cause conflicts or slow down the computer.
Please zip up this file as aswMBR.zip and attach it to your reply:
C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
--------------------
Please download GETxPUD and save it to your desktop. Click here. (http://noahdfear.net/downloads/GETxPUD.exe)
Double click on GETxPUD.exe to execute it. A new folder GETxPUD will be created on the desktop.
Go into the folder and run get&burn.bat. xpud_0.9.2.iso will be downloaded.
Upon completion of the download, BurnCDCC will be initiated, ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
In case there is the need to boot from the CD, please set up the BIOS to do so. Depending on the computer, the key that you need to press to enter BIOS may be different. It could be either F1, F2, F10, F12, DEL or ESC.
Tap the key repeatedly when the computer is booting. You can also try pressing the Pause/Break key to freeze the startup screen temporarily to identify which key should be used as it is usually displayed. To resume, press Enter.
If there is no issue with the steps so far, continue below. If you face any problem executing the instructions, please let me know.
--------------------
Please have these instructions handy (printed or written down) as you will not be able to see them on the computer when we go through them.
Collect offline MBR
Please download dumpit and save it to your USB drive. Click here (http://noahdfear.net/downloads/dumpit) (you may need to use right click and Save Target As...).
Please boot from the xPUD CD or USB that you created earlier by setting up the BIOS to do so. Depending on the computer, the key that you need to press to enter BIOS may be different. It could be either F1, F2, F10, F12, DEL or ESC.
Tap the key repeatedly when the computer is booting. You can also try pressing the Pause/Break key to freeze the startup screen temporarily to identify which key should be used as it is usually displayed. To resume, press Enter.
Follow the prompts.
A Welcome to xPUD screen will appear.
Press File.
Expand mnt.
Click on sdb1 (sdb1 represents the USB drive).
Double click on the dumpit file.
A black window will pop up and it will dump and zip the MBR to your USB drive. A log named sda0info.txt or similar will be created as well.
Press Enter to exit the black window.
Click on the Home tab and choose Power Off to turn off xPUD.
Reboot normally and attach mbr.zip from the USB in your reply. Please post the result of the log too.
--------------------
Please post back:
1. the initial MBR file, zipped and attached
2. mbr.zip and log from xPUD
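For the "Collect offline MBR" step above, here is an added example (not part of this thread, and not the dumpit or xPUD tooling) of what an analyst checks in such a dump: the 0x55AA boot signature, the four partition-table entries, and a hash of the boot code compared against a known-good baseline. The MBR bytes, the expected partition layout and the baseline hash are all constructed inside the script.

```python
"""Offline MBR sanity check (added example; constructed data throughout).

Booting xPUD and dumping the first sector to a USB stick gives a copy of
the MBR taken outside the running Windows install. This script shows the
three things worth checking in that dump: the boot signature, the
partition table, and whether the boot code still matches a known-good
baseline. A bootkit that replaces the boot code usually leaves the
partition table intact (Windows still boots), so the hash is decisive.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code precedes the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition-table entry."""
    status, _chs_start, ptype, _chs_end, start_lba, blocks = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "start_lba": start_lba, "blocks": blocks}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, used partitions and boot-code hash."""
    if len(sector) < MBR_SIZE:
        raise ValueError(f"MBR dump is {len(sector)} bytes, expected {MBR_SIZE}")
    sig_ok = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa"
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        if entry[4] != 0:                     # partition type 0 = unused slot
            parts.append(parse_partition_entry(entry))
    return {"signature_ok": sig_ok, "partitions": parts,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()}


def triage(sector: bytes, expected_partitions, known_good_hash: str) -> list:
    """Compare a dumped MBR against what the disk is known to contain.

    Returns a list of findings; an empty list means nothing differs.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    got = [(p["type"], p["start_lba"], p["blocks"]) for p in info["partitions"]]
    if got != expected_partitions:
        findings.append(f"partition table differs: {got}")
    if info["boot_code_sha256"] != known_good_hash:
        findings.append("boot code differs from known-good baseline")
    return findings


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR for demonstration (constructed, not a real dump)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (ptype, start_lba, blocks) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        sector[off:off + PART_ENTRY_LEN] = struct.pack(
            "<B3sB3sII", 0x80 if i == 0 else 0, b"\0\0\0", ptype, b"\0\0\0",
            start_lba, blocks)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed baseline: a single NTFS partition (type 0x7) starting at LBA 63.
EXPECTED_PARTS = [(0x07, 63, 312_500_000)]
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100   # stand-in bytes
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, EXPECTED_PARTS)
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Same partition table, but the first bytes of the boot code have been altered.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + CLEAN_BOOT_CODE[2:], EXPECTED_PARTS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, triage(mbr, EXPECTED_PARTS, BASELINE_HASH) or "no findings")
```

On a real dump you would read the first 512 bytes of the MBR file into `sector` and take the expected partitions and baseline hash from a known-clean image of the same machine.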
Michelea1976
2012-11-29, 04:10
Hello Jack&Jill,
I am going to try and remove it, but didn't have time today. When I come home from work tomorrow, I will post the logs as you asked. I've been doing research on this virus and it seems like others have removed it without reformatting the hard drive, so I will try and remove it before I do a reformat on the computer.
Thanks!
Michele
Jack&Jill
2012-11-29, 05:37
Hello Michelea1976 :),
OK, post the results when you are ready.
Michelea1976
2012-11-30, 00:38
Hello, I had an issue when I got to GetXPUD because I don't have a CD burner on my little laptop. It is an Eee PC and is a netbook, so I can't burn anything using this computer. How do I proceed? Use a thumb drive?
Thanks!
Michele
Jack&Jill
2012-11-30, 00:50
Hello Michelea1976 :),
Here are the steps for setting up xPUD into USB instead of CD.
Please download UNetbootin and xPUD and save them to your desktop. Click here (http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe) and here (http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso).
Insert an empty formatted USB into the computer.
Double click on unetbootin-xpud-windows-xxx.exe to execute it, where xxx is the version number.
Select Diskimage, then click on ... to browse for the xpud-0.9.2.iso file.
Double click on the xpud-0.9.2.iso file and the path will appear at the installer.
Please verify Type: is USB Drive and the USB drive letter for your USB device is correct, then click OK.
A bootable xPUD will be written to the flash drive.
When done, click on Exit.
In case there is the need to boot from the USB device, please set up the BIOS to do so. Depending on the computer, the key that you need to press to enter BIOS may be different. It could be either F1, F2, F10, F12, DEL or ESC.
Tap the key repeatedly when the computer is booting. You can also try pressing the Pause/Break key to freeze the startup screen temporarily to identify which key should be used as it is usually displayed. To resume, press Enter.
Michelea1976
2012-11-30, 03:23
I got as far as putting the .iso file on the USB drive, and then the computer booted up. I tried pressing the Function keys you requested, tried the Pause/Break key, Esc and Delete, but the only thing that came up was when I hit F8, and that's where you can boot normally or in Safe Mode. I didn't see anything you requested, so I booted normally. I did the dump onto the USB drive, but that's where I think it didn't work, because I did not get a screen that said "Welcome to xPUD". I might have done something wrong with trying to get to the BIOS screen. Help! :sad:
Jack&Jill
2012-11-30, 17:28
Hello Michelea1976 :),
You need to set the BIOS to boot from USB.
The Asus support pages appear to suggest tapping F2 repeatedly while the netbook is booting up. Have you tried that?
Michelea1976
2012-12-01, 01:40
Hello! Thanks for being so patient with me. I found out I was not pressing F2 the instant I turned the computer on!
I have configured BIOS to have the USB drive for 1st boot.
I then let it go into Windows. But it did not have a screen pop up saying "Welcome to xPUD." I figured it could be one of two problems:
1. I have a password set up on Windows
2. I have to shut down and restart.
I disabled my Windows password and restarted the computer.
That didn't work, so I configured the BIOS to reboot from the HDD because I couldn't connect to the internet.
I reformatted the USB drive and followed the steps to add the programs to the USB drive just in case I missed an earlier step.
So right now, this is how far I've gotten:
-- I have the xPUD files and the dumpit file on the USB drive.
-- I have configured the BIOS to boot first from the USB drive.
I still cannot get to the "Welcome to xPUD" screen. :-(
Jack&Jill
2012-12-01, 03:31
Hello Michelea1976 :),
We'll try another method, but before that, please zip up this file as aswMBR.zip and attach it to your reply:
C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
Michelea1976
2012-12-01, 03:41
Here is aswMBR.zip.
Thanks!
Jack&Jill
2012-12-01, 09:50
Hello Michelea1976 :),
Rerun TDSSKiller
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If any malicious objects are found, the default action will be Cure. If any suspicious objects are found, the default action will be Skip. In case Cure is not an option, please select Skip only and let me know what action was prompted.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.
If there are any Cure actions, please reboot the computer after the scan is finished.
--------------------
Please post back:
1. TDSSKiller log
Michelea1976
2012-12-03, 01:26
I think it might have worked... here is the log. Two logs were created: one when I first ran TDSSKiller, and then, when it had me reboot, it did another scan and another log was created. I am giving you the latest log, so I hope this is good. I am connected to the internet and Avast is not blocking anything malicious. The computer seems to be running fine. Let me know if there are more scans to make sure I am completely virus free!! I can't believe this might have actually worked....
Michelea1976
2012-12-03, 01:31
It won't allow me to attach, so here is the log in this reply:
18:16:16.0437 2924 ImapiService - ok
18:16:16.0453 2924 ini910u - ok
18:16:17.0359 2924 [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:16:17.0468 2924 IntcAzAudAddService - ok
18:16:17.0484 2924 IntelIde - ok
18:16:17.0593 2924 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:16:17.0593 2924 intelppm - ok
18:16:17.0640 2924 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:16:17.0687 2924 Ip6Fw - ok
18:16:17.0750 2924 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:16:17.0781 2924 IpFilterDriver - ok
18:16:17.0828 2924 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:16:17.0843 2924 IpInIp - ok
18:16:18.0046 2924 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:16:18.0187 2924 IpNat - ok
18:16:18.0625 2924 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:16:19.0750 2924 iPod Service - ok
18:16:19.0796 2924 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:16:19.0796 2924 IPSec - ok
18:16:19.0906 2924 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:16:19.0921 2924 IRENUM - ok
18:16:20.0015 2924 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:16:20.0031 2924 isapnp - ok
18:16:20.0515 2924 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:16:20.0531 2924 JavaQuickStarterService - ok
18:16:20.0640 2924 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:16:20.0640 2924 Kbdclass - ok
18:16:20.0687 2924 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
18:16:20.0703 2924 kbfiltr - ok
18:16:20.0750 2924 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:16:20.0765 2924 kmixer - ok
18:16:20.0875 2924 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:16:20.0890 2924 KSecDD - ok
18:16:21.0000 2924 [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:16:21.0015 2924 L1c - ok
18:16:21.0125 2924 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:16:21.0171 2924 LanmanServer - ok
18:16:21.0312 2924 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:16:21.0343 2924 lanmanworkstation - ok
18:16:21.0359 2924 lbrtfdc - ok
18:16:21.0531 2924 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:16:21.0546 2924 LmHosts - ok
18:16:21.0593 2924 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:16:21.0625 2924 Messenger - ok
18:16:21.0765 2924 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:16:21.0781 2924 mnmdd - ok
18:16:21.0921 2924 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:16:21.0968 2924 mnmsrvc - ok
18:16:22.0031 2924 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:16:22.0031 2924 Modem - ok
18:16:22.0453 2924 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:16:22.0953 2924 Monfilt - ok
18:16:23.0093 2924 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:16:23.0093 2924 Mouclass - ok
18:16:23.0281 2924 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:16:23.0296 2924 mouhid - ok
18:16:23.0812 2924 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:16:23.0812 2924 MountMgr - ok
18:16:24.0000 2924 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:16:24.0015 2924 MozillaMaintenance - ok
18:16:24.0046 2924 mraid35x - ok
18:16:24.0187 2924 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:16:24.0187 2924 MRxDAV - ok
18:16:24.0343 2924 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:16:24.0359 2924 MRxSmb - ok
18:16:24.0406 2924 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:16:24.0437 2924 MSDTC - ok
18:16:24.0484 2924 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:16:24.0484 2924 Msfs - ok
18:16:24.0500 2924 MSIServer - ok
18:16:24.0546 2924 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:16:24.0562 2924 MSKSSRV - ok
18:16:24.0562 2924 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:16:24.0578 2924 MSPCLOCK - ok
18:16:24.0593 2924 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:16:24.0593 2924 MSPQM - ok
18:16:24.0656 2924 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:16:24.0656 2924 mssmbios - ok
18:16:24.0671 2924 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:16:24.0671 2924 MSTEE - ok
18:16:24.0734 2924 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:16:24.0734 2924 Mup - ok
18:16:24.0750 2924 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:16:24.0765 2924 NABTSFEC - ok
18:16:24.0859 2924 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:16:24.0906 2924 napagent - ok
18:16:24.0953 2924 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:16:24.0968 2924 NDIS - ok
18:16:24.0984 2924 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:16:24.0984 2924 NdisIP - ok
18:16:25.0078 2924 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:16:25.0078 2924 NdisTapi - ok
18:16:25.0171 2924 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:16:25.0187 2924 Ndisuio - ok
18:16:25.0203 2924 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:16:25.0203 2924 NdisWan - ok
18:16:25.0296 2924 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:16:25.0296 2924 NDProxy - ok
18:16:25.0406 2924 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:16:25.0406 2924 NetBIOS - ok
18:16:25.0515 2924 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:16:25.0531 2924 NetBT - ok
18:16:25.0578 2924 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:16:25.0593 2924 NetDDE - ok
18:16:25.0625 2924 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:16:25.0640 2924 NetDDEdsdm - ok
18:16:25.0687 2924 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:16:25.0703 2924 Netlogon - ok
18:16:25.0734 2924 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:16:25.0750 2924 Netman - ok
18:16:25.0828 2924 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:16:25.0828 2924 NetTcpPortSharing - ok
18:16:25.0890 2924 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:16:25.0906 2924 Nla - ok
18:16:26.0000 2924 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:16:26.0015 2924 Npfs - ok
18:16:26.0046 2924 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:16:26.0078 2924 Ntfs - ok
18:16:26.0093 2924 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:16:26.0109 2924 NtLmSsp - ok
18:16:26.0171 2924 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:16:26.0203 2924 NtmsSvc - ok
18:16:26.0265 2924 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:16:26.0265 2924 Null - ok
18:16:26.0312 2924 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:16:26.0328 2924 NwlnkFlt - ok
18:16:26.0343 2924 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:16:26.0343 2924 NwlnkFwd - ok
18:16:26.0500 2924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:16:26.0500 2924 odserv - ok
18:16:26.0625 2924 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:16:26.0640 2924 ose - ok
18:16:26.0953 2924 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:16:27.0125 2924 osppsvc - ok
18:16:27.0187 2924 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:16:27.0203 2924 Parport - ok
18:16:27.0250 2924 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:16:27.0296 2924 PartMgr - ok
18:16:27.0359 2924 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:16:27.0359 2924 ParVdm - ok
18:16:27.0375 2924 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:16:27.0390 2924 PCI - ok
18:16:27.0437 2924 PCIDump - ok
18:16:27.0453 2924 PCIIde - ok
18:16:27.0515 2924 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:16:27.0515 2924 Pcmcia - ok
18:16:27.0531 2924 PDCOMP - ok
18:16:27.0546 2924 PDFRAME - ok
18:16:27.0562 2924 PDRELI - ok
18:16:27.0578 2924 PDRFRAME - ok
18:16:27.0593 2924 perc2 - ok
18:16:27.0609 2924 perc2hib - ok
18:16:27.0687 2924 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:16:27.0703 2924 PlugPlay - ok
18:16:27.0718 2924 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:16:27.0734 2924 PolicyAgent - ok
18:16:27.0750 2924 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:16:27.0765 2924 PptpMiniport - ok
18:16:27.0796 2924 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:16:27.0796 2924 ProtectedStorage - ok
18:16:27.0812 2924 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:16:27.0828 2924 PSched - ok
18:16:27.0828 2924 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:16:27.0843 2924 Ptilink - ok
18:16:27.0843 2924 ql1080 - ok
18:16:27.0859 2924 Ql10wnt - ok
18:16:27.0875 2924 ql12160 - ok
18:16:27.0890 2924 ql1240 - ok
18:16:27.0906 2924 ql1280 - ok
18:16:27.0953 2924 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:16:27.0953 2924 RasAcd - ok
18:16:28.0000 2924 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:16:28.0046 2924 RasAuto - ok
18:16:28.0109 2924 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:16:28.0109 2924 Rasl2tp - ok
18:16:28.0140 2924 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:16:28.0156 2924 RasMan - ok
18:16:28.0171 2924 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:16:28.0171 2924 RasPppoe - ok
18:16:28.0187 2924 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:16:28.0187 2924 Raspti - ok
18:16:28.0218 2924 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:16:28.0234 2924 Rdbss - ok
18:16:28.0343 2924 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:16:28.0343 2924 RDPCDD - ok
18:16:28.0421 2924 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:16:28.0437 2924 RDPWD - ok
18:16:28.0515 2924 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:16:28.0578 2924 RDSessMgr - ok
18:16:28.0656 2924 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:16:28.0656 2924 redbook - ok
18:16:28.0734 2924 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:16:28.0781 2924 RemoteAccess - ok
18:16:28.0875 2924 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:16:28.0906 2924 RpcLocator - ok
18:16:29.0000 2924 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:16:29.0046 2924 RpcSs - ok
18:16:29.0109 2924 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:16:29.0156 2924 RSVP - ok
18:16:29.0218 2924 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:16:29.0234 2924 SamSs - ok
18:16:29.0375 2924 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:16:29.0375 2924 SASDIFSV - ok
18:16:29.0390 2924 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:16:29.0390 2924 SASKUTIL - ok
18:16:29.0453 2924 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:16:29.0515 2924 SCardSvr - ok
18:16:29.0609 2924 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:16:29.0656 2924 Schedule - ok
18:16:29.0906 2924 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
18:16:29.0921 2924 SDScannerService - ok
18:16:30.0062 2924 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:16:30.0093 2924 SDUpdateService - ok
18:16:30.0125 2924 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:16:30.0125 2924 SDWSCService - ok
18:16:30.0187 2924 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:16:30.0203 2924 Secdrv - ok
18:16:30.0234 2924 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:16:30.0265 2924 seclogon - ok
18:16:30.0375 2924 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:16:30.0421 2924 SENS - ok
18:16:30.0453 2924 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:16:30.0453 2924 Serial - ok
18:16:30.0531 2924 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:16:30.0531 2924 Sfloppy - ok
18:16:30.0578 2924 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:16:30.0593 2924 SharedAccess - ok
18:16:30.0625 2924 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:16:30.0656 2924 ShellHWDetection - ok
18:16:30.0656 2924 Simbad - ok
18:16:30.0781 2924 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:16:30.0781 2924 SkypeUpdate - ok
18:16:30.0828 2924 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:16:30.0843 2924 SLIP - ok
18:16:31.0046 2924 [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
18:16:31.0078 2924 SNP2UVC - ok
18:16:31.0093 2924 Sparrow - ok
18:16:31.0187 2924 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:16:31.0187 2924 splitter - ok
18:16:31.0296 2924 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:16:31.0328 2924 Spooler - ok
18:16:31.0406 2924 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:16:31.0421 2924 sr - ok
18:16:31.0468 2924 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:16:31.0500 2924 srservice - ok
18:16:31.0578 2924 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:16:31.0593 2924 Srv - ok
18:16:31.0625 2924 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:16:31.0671 2924 SSDPSRV - ok
18:16:31.0734 2924 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:16:31.0781 2924 stisvc - ok
18:16:31.0812 2924 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:16:31.0828 2924 streamip - ok
18:16:31.0890 2924 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:16:31.0906 2924 swenum - ok
18:16:31.0921 2924 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:16:31.0937 2924 swmidi - ok
18:16:31.0968 2924 SwPrv - ok
18:16:32.0015 2924 symc810 - ok
18:16:32.0046 2924 symc8xx - ok
18:16:32.0062 2924 sym_hi - ok
18:16:32.0078 2924 sym_u3 - ok
18:16:32.0109 2924 [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:16:32.0125 2924 SynTP - ok
18:16:32.0140 2924 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:16:32.0140 2924 sysaudio - ok
18:16:32.0218 2924 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:16:32.0250 2924 SysmonLog - ok
18:16:32.0406 2924 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:16:32.0421 2924 TapiSrv - ok
18:16:32.0531 2924 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:16:32.0546 2924 Tcpip - ok
18:16:32.0609 2924 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:16:32.0609 2924 TDPIPE - ok
18:16:32.0640 2924 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:16:32.0640 2924 TDTCP - ok
18:16:32.0703 2924 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:16:32.0718 2924 TermDD - ok
18:16:32.0765 2924 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:16:32.0812 2924 TermService - ok
18:16:32.0859 2924 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:16:32.0906 2924 Themes - ok
18:16:32.0953 2924 TosIde - ok
18:16:33.0062 2924 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:16:33.0093 2924 TrkWks - ok
18:16:33.0171 2924 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:16:33.0187 2924 Udfs - ok
18:16:33.0203 2924 ultra - ok
18:16:33.0296 2924 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:16:33.0312 2924 Update - ok
18:16:33.0390 2924 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:16:33.0453 2924 upnphost - ok
18:16:33.0484 2924 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:16:33.0531 2924 UPS - ok
18:16:33.0609 2924 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:16:33.0625 2924 usbccgp - ok
18:16:33.0718 2924 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:16:33.0734 2924 usbehci - ok
18:16:33.0765 2924 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:16:33.0781 2924 usbhub - ok
18:16:33.0812 2924 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:16:33.0812 2924 usbstor - ok
18:16:33.0843 2924 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:16:33.0859 2924 usbuhci - ok
18:16:33.0906 2924 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:16:33.0921 2924 usbvideo - ok
18:16:33.0937 2924 [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf C:\WINDOWS\system32\DRIVERS\uvclf.sys
18:16:33.0937 2924 uvclf - ok
18:16:34.0000 2924 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:16:34.0000 2924 VgaSave - ok
18:16:34.0015 2924 ViaIde - ok
18:16:34.0140 2924 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:16:34.0156 2924 VolSnap - ok
18:16:34.0218 2924 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:16:34.0265 2924 VSS - ok
18:16:34.0375 2924 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:16:34.0406 2924 W32Time - ok
18:16:34.0437 2924 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:16:34.0437 2924 Wanarp - ok
18:16:34.0578 2924 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:16:34.0593 2924 Wdf01000 - ok
18:16:34.0609 2924 WDICA - ok
18:16:34.0640 2924 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:16:34.0640 2924 wdmaud - ok
18:16:34.0734 2924 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:16:34.0750 2924 WebClient - ok
18:16:34.0953 2924 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:16:34.0953 2924 winmgmt - ok
18:16:35.0046 2924 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:16:35.0062 2924 WmdmPmSN - ok
18:16:35.0093 2924 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:16:35.0109 2924 WmiApSrv - ok
18:16:35.0234 2924 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:16:35.0281 2924 WMPNetworkSvc - ok
18:16:35.0375 2924 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:16:35.0390 2924 wscsvc - ok
18:16:35.0421 2924 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:16:35.0421 2924 WSTCODEC - ok
18:16:35.0515 2924 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:16:35.0531 2924 wuauserv - ok
18:16:35.0546 2924 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:16:35.0562 2924 WudfPf - ok
18:16:35.0578 2924 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:16:35.0578 2924 WudfRd - ok
18:16:35.0640 2924 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:16:35.0671 2924 WudfSvc - ok
18:16:35.0765 2924 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:16:35.0796 2924 WZCSVC - ok
18:16:35.0875 2924 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:16:35.0906 2924 xmlprov - ok
18:16:35.0921 2924 ================ Scan global ===============================
18:16:36.0062 2924 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:16:36.0125 2924 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:16:36.0156 2924 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:16:36.0234 2924 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:16:36.0250 2924 [Global] - ok
18:16:36.0250 2924 ================ Scan MBR ==================================
18:16:36.0296 2924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:16:36.0656 2924 \Device\Harddisk0\DR0 - ok
18:16:36.0656 2924 ================ Scan VBR ==================================
18:16:36.0656 2924 [ B055A910E0D627B4724382EDCA5AF673 ] \Device\Harddisk0\DR0\Partition1
18:16:36.0656 2924 \Device\Harddisk0\DR0\Partition1 - ok
18:16:36.0671 2924 ============================================================
18:16:36.0671 2924 Scan finished
18:16:36.0671 2924 ============================================================
18:16:36.0687 2912 Detected object count: 0
18:16:36.0687 2912 Actual detected object count: 0
18:16:40.0390 2556 Deinitialize success
Jack&Jill
2012-12-03, 02:16
Hello Michelea1976 :),
Good to hear things are getting better. Could you please post the previous TDSSKiller log? The first one before the reboot. You will be able to retrieve it from C:\ in TDSSKiller.Version_Date_Time_log.txt format. We have a few more steps to do before we are done.
--------------------
Run aswMBR again, zip and attach the newer C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat as aswMBR2.zip. Post back the log as well.
--------------------
Please download ComboFix and save it to your desktop. Click here. (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.
Install Recovery Console and run ComboFix
Please disable the real-time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on ComboFix.exe and follow the prompts. Please run it in Normal Mode.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.
A detailed step-by-step tutorial on running ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.
--------------------
Please post back:
1. previous TDSSKiller log
2. new aswMBR log
3. aswMBR2.zip
4. ComboFix log
Michelea1976
2012-12-03, 03:39
18:10:38.0812 2932 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:10:38.0843 2932 ============================================================
18:10:38.0859 2932 Current date / time: 2012/12/02 18:10:38.0843
18:10:38.0859 2932 SystemInfo:
18:10:38.0859 2932
18:10:38.0859 2932 OS Version: 5.1.2600 ServicePack: 3.0
18:10:38.0859 2932 Product type: Workstation
18:10:38.0859 2932 ComputerName: MICHELE
18:10:38.0859 2932 UserName: Michele Acampora
18:10:38.0859 2932 Windows directory: C:\WINDOWS
18:10:38.0859 2932 System windows directory: C:\WINDOWS
18:10:38.0859 2932 Processor architecture: Intel x86
18:10:38.0859 2932 Number of processors: 2
18:10:38.0859 2932 Page size: 0x1000
18:10:38.0859 2932 Boot type: Normal boot
18:10:38.0859 2932 ============================================================
18:10:39.0421 2932 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:10:39.0421 2932 ============================================================
18:10:39.0421 2932 \Device\Harddisk0\DR0:
18:10:39.0421 2932 MBR partitions:
18:10:39.0421 2932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
18:10:39.0421 2932 ============================================================
18:10:39.0484 2932 C: <-> \Device\Harddisk0\DR0\Partition1
18:10:39.0484 2932 ============================================================
18:10:39.0484 2932 Initialize success
18:10:39.0484 2932 ============================================================
18:10:53.0921 2944 ============================================================
18:10:53.0921 2944 Scan started
18:10:53.0921 2944 Mode: Manual;
18:10:53.0921 2944 ============================================================
18:10:58.0859 2944 AsyncMac - ok
18:10:59.0000 2944 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
18:10:59.0000 2944 atapi - ok
18:10:59.0031 2944 Atdisk - ok
18:10:59.0093 2944 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:10:59.0093 2944 Atmarpc - ok
18:10:59.0156 2944 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:10:59.0171 2944 AudioSrv - ok
18:10:59.0265 2944 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:10:59.0265 2944 audstub - ok
18:10:59.0453 2944 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:10:59.0453 2944 avast! Antivirus - ok
18:10:59.0703 2944 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:10:59.0703 2944 BBSvc - ok
18:10:59.0828 2944 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:10:59.0828 2944 BBUpdate - ok
18:10:59.0953 2944 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:10:59.0953 2944 Beep - ok
18:11:00.0046 2944 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:11:00.0109 2944 BITS - ok
18:11:00.0218 2944 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:11:00.0296 2944 Bonjour Service - ok
18:11:00.0406 2944 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:11:00.0421 2944 Browser - ok
18:11:00.0453 2944 btaudio - ok
18:11:00.0484 2944 BTDriver - ok
18:11:00.0531 2944 BTWDNDIS - ok
18:11:00.0578 2944 btwhid - ok
18:11:00.0593 2944 BTWUSB - ok
18:11:00.0671 2944 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:11:00.0671 2944 cbidf2k - ok
18:11:00.0718 2944 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:11:00.0718 2944 CCDECODE - ok
18:11:00.0734 2944 cd20xrnt - ok
18:11:00.0812 2944 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:11:00.0828 2944 Cdaudio - ok
18:11:00.0875 2944 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:11:00.0890 2944 Cdfs - ok
18:11:00.0921 2944 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:11:00.0921 2944 Cdrom - ok
18:11:00.0953 2944 Changer - ok
18:11:00.0984 2944 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:11:00.0984 2944 CiSvc - ok
18:11:01.0015 2944 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:11:01.0015 2944 ClipSrv - ok
18:11:01.0062 2944 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:11:01.0171 2944 clr_optimization_v2.0.50727_32 - ok
18:11:01.0234 2944 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:11:01.0234 2944 CmBatt - ok
18:11:01.0265 2944 CmdIde - ok
18:11:01.0343 2944 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:11:01.0343 2944 Compbatt - ok
18:11:01.0375 2944 COMSysApp - ok
18:11:01.0437 2944 Cpqarray - ok
18:11:01.0546 2944 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:11:01.0546 2944 CryptSvc - ok
18:11:01.0562 2944 dac2w2k - ok
18:11:01.0593 2944 dac960nt - ok
18:11:01.0718 2944 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:11:01.0765 2944 DcomLaunch - ok
18:11:01.0875 2944 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:11:01.0890 2944 Dhcp - ok
18:11:01.0906 2944 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:11:01.0906 2944 Disk - ok
18:11:01.0937 2944 dmadmin - ok
18:11:02.0015 2944 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:11:02.0062 2944 dmboot - ok
18:11:02.0109 2944 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:11:02.0125 2944 dmio - ok
18:11:02.0171 2944 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:11:02.0171 2944 dmload - ok
18:11:02.0203 2944 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:11:02.0218 2944 dmserver - ok
18:11:02.0296 2944 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:11:02.0296 2944 DMusic - ok
18:11:02.0390 2944 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:11:02.0406 2944 Dnscache - ok
18:11:02.0484 2944 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:11:02.0500 2944 Dot3svc - ok
18:11:02.0531 2944 dpti2o - ok
18:11:02.0609 2944 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:11:02.0609 2944 drmkaud - ok
18:11:02.0671 2944 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:11:02.0687 2944 EapHost - ok
18:11:02.0781 2944 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:11:02.0796 2944 ERSvc - ok
18:11:02.0906 2944 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:11:02.0953 2944 Eventlog - ok
18:11:03.0078 2944 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:11:03.0109 2944 EventSystem - ok
18:11:03.0234 2944 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:11:03.0281 2944 Fastfat - ok
18:11:03.0359 2944 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:11:03.0406 2944 FastUserSwitchingCompatibility - ok
18:11:03.0484 2944 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:11:03.0500 2944 Fdc - ok
18:11:03.0531 2944 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:11:03.0546 2944 Fips - ok
18:11:03.0625 2944 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:11:03.0625 2944 Flpydisk - ok
18:11:03.0703 2944 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:11:03.0703 2944 FltMgr - ok
18:11:03.0812 2944 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:11:03.0828 2944 FontCache3.0.0.0 - ok
18:11:03.0937 2944 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:11:03.0937 2944 fssfltr - ok
18:11:04.0062 2944 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:11:04.0093 2944 fsssvc - ok
18:11:04.0187 2944 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:11:04.0187 2944 Fs_Rec - ok
18:11:04.0312 2944 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:11:04.0312 2944 Ftdisk - ok
18:11:04.0421 2944 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:11:04.0437 2944 GEARAspiWDM - ok
18:11:04.0515 2944 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:11:04.0531 2944 Gpc - ok
18:11:04.0734 2944 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:11:04.0750 2944 gupdate - ok
18:11:04.0765 2944 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:11:04.0781 2944 gupdatem - ok
18:11:04.0859 2944 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:11:04.0859 2944 gusvc - ok
18:11:04.0953 2944 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:11:04.0968 2944 HDAudBus - ok
18:11:05.0156 2944 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:11:05.0171 2944 helpsvc - ok
18:11:05.0265 2944 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:11:05.0281 2944 HidServ - ok
18:11:05.0390 2944 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:11:05.0406 2944 HidUsb - ok
18:11:05.0468 2944 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:11:05.0500 2944 hkmsvc - ok
18:11:05.0515 2944 hpn - ok
18:11:05.0625 2944 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:11:05.0640 2944 HTTP - ok
18:11:05.0734 2944 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:11:05.0765 2944 HTTPFilter - ok
18:11:05.0796 2944 i2omgmt - ok
18:11:05.0843 2944 i2omp - ok
18:11:05.0968 2944 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:11:05.0968 2944 i8042prt - ok
18:11:06.0296 2944 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:11:06.0562 2944 ialm - ok
18:11:06.0687 2944 [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
18:11:06.0687 2944 iaStor - ok
18:11:06.0796 2944 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:11:06.0859 2944 idsvc - ok
18:11:06.0937 2944 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:11:06.0953 2944 Imapi - ok
18:11:07.0031 2944 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:11:07.0046 2944 ImapiService - ok
18:11:07.0062 2944 ini910u - ok
18:11:07.0359 2944 [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:11:07.0750 2944 IntcAzAudAddService - ok
18:11:07.0781 2944 IntelIde - ok
18:11:07.0875 2944 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:11:07.0875 2944 intelppm - ok
18:11:07.0953 2944 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:11:07.0953 2944 Ip6Fw - ok
18:11:07.0984 2944 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:11:07.0984 2944 IpFilterDriver - ok
18:11:08.0000 2944 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:11:08.0015 2944 IpInIp - ok
18:11:08.0078 2944 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:11:08.0078 2944 IpNat - ok
18:11:08.0203 2944 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:11:08.0218 2944 iPod Service - ok
18:11:08.0234 2944 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:11:08.0234 2944 IPSec - ok
18:11:08.0296 2944 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:11:08.0312 2944 IRENUM - ok
18:11:08.0390 2944 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:11:08.0390 2944 isapnp - ok
18:11:08.0609 2944 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:11:08.0609 2944 JavaQuickStarterService - ok
18:11:08.0703 2944 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:11:08.0703 2944 Kbdclass - ok
18:11:08.0812 2944 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
18:11:08.0812 2944 kbfiltr - ok
18:11:08.0859 2944 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:11:08.0875 2944 kmixer - ok
18:11:08.0921 2944 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:11:08.0937 2944 KSecDD - ok
18:11:09.0031 2944 [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:11:09.0031 2944 L1c - ok
18:11:09.0140 2944 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:11:09.0203 2944 LanmanServer - ok
18:11:09.0312 2944 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:11:09.0375 2944 lanmanworkstation - ok
18:11:09.0390 2944 lbrtfdc - ok
18:11:09.0562 2944 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:11:09.0578 2944 LmHosts - ok
18:11:09.0640 2944 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:11:09.0671 2944 Messenger - ok
18:11:09.0750 2944 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:11:09.0750 2944 mnmdd - ok
18:11:09.0828 2944 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:11:09.0890 2944 mnmsrvc - ok
18:11:09.0937 2944 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:11:09.0937 2944 Modem - ok
18:11:10.0046 2944 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:11:10.0093 2944 Monfilt - ok
18:11:10.0187 2944 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:11:10.0187 2944 Mouclass - ok
18:11:10.0296 2944 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:11:10.0312 2944 mouhid - ok
18:11:10.0375 2944 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:11:10.0390 2944 MountMgr - ok
18:11:10.0484 2944 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:11:10.0500 2944 MozillaMaintenance - ok
18:11:10.0515 2944 mraid35x - ok
18:11:10.0578 2944 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:11:10.0593 2944 MRxDAV - ok
18:11:10.0687 2944 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:11:10.0812 2944 MRxSmb - ok
18:11:10.0875 2944 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:11:10.0906 2944 MSDTC - ok
18:11:10.0937 2944 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:11:10.0968 2944 Msfs - ok
18:11:11.0000 2944 MSIServer - ok
18:11:11.0046 2944 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:11:11.0062 2944 MSKSSRV - ok
18:11:11.0078 2944 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:11:11.0078 2944 MSPCLOCK - ok
18:11:11.0109 2944 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:11:11.0109 2944 MSPQM - ok
18:11:11.0171 2944 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:11:11.0187 2944 mssmbios - ok
18:11:11.0203 2944 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:11:11.0203 2944 MSTEE - ok
18:11:11.0265 2944 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:11:11.0281 2944 Mup - ok
18:11:11.0296 2944 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:11:11.0296 2944 NABTSFEC - ok
18:11:11.0343 2944 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:11:11.0375 2944 napagent - ok
18:11:11.0453 2944 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:11:11.0468 2944 NDIS - ok
18:11:11.0500 2944 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:11:11.0500 2944 NdisIP - ok
18:11:11.0609 2944 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:11:11.0609 2944 NdisTapi - ok
18:11:11.0718 2944 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:11:11.0718 2944 Ndisuio - ok
18:11:11.0750 2944 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:11:11.0765 2944 NdisWan - ok
18:11:11.0843 2944 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:11:11.0859 2944 NDProxy - ok
18:11:12.0000 2944 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:11:12.0000 2944 NetBIOS - ok
18:11:12.0125 2944 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:11:12.0125 2944 NetBT - ok
18:11:12.0187 2944 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:11:12.0218 2944 NetDDE - ok
18:11:12.0265 2944 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:11:12.0296 2944 NetDDEdsdm - ok
18:11:12.0375 2944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:11:12.0390 2944 Netlogon - ok
18:11:12.0406 2944 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:11:12.0437 2944 Netman - ok
18:11:12.0515 2944 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:11:12.0515 2944 NetTcpPortSharing - ok
18:11:12.0578 2944 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:11:12.0593 2944 Nla - ok
18:11:12.0625 2944 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:11:12.0625 2944 Npfs - ok
18:11:12.0671 2944 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:11:12.0703 2944 Ntfs - ok
18:11:12.0718 2944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:11:12.0734 2944 NtLmSsp - ok
18:11:12.0781 2944 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:11:12.0812 2944 NtmsSvc - ok
18:11:12.0890 2944 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:11:12.0890 2944 Null - ok
18:11:12.0968 2944 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:11:12.0968 2944 NwlnkFlt - ok
18:11:12.0984 2944 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:11:13.0000 2944 NwlnkFwd - ok
18:11:13.0156 2944 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:11:13.0187 2944 odserv - ok
18:11:13.0234 2944 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:11:13.0250 2944 ose - ok
18:11:13.0625 2944 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:11:13.0843 2944 osppsvc - ok
18:11:13.0906 2944 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:11:13.0921 2944 Parport - ok
18:11:14.0000 2944 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:11:14.0000 2944 PartMgr - ok
18:11:14.0078 2944 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:11:14.0093 2944 ParVdm - ok
18:11:14.0156 2944 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:11:14.0171 2944 PCI - ok
18:11:14.0187 2944 PCIDump - ok
18:11:14.0203 2944 PCIIde - ok
18:11:14.0281 2944 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:11:14.0296 2944 Pcmcia - ok
18:11:14.0312 2944 PDCOMP - ok
18:11:14.0328 2944 PDFRAME - ok
18:11:14.0359 2944 PDRELI - ok
18:11:14.0390 2944 PDRFRAME - ok
18:11:14.0421 2944 perc2 - ok
18:11:14.0453 2944 perc2hib - ok
18:11:14.0562 2944 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:11:14.0593 2944 PlugPlay - ok
18:11:14.0609 2944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:11:14.0625 2944 PolicyAgent - ok
18:11:14.0640 2944 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:11:14.0656 2944 PptpMiniport - ok
18:11:14.0687 2944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:11:14.0687 2944 ProtectedStorage - ok
18:11:14.0718 2944 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:11:14.0718 2944 PSched - ok
18:11:14.0750 2944 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:11:14.0750 2944 Ptilink - ok
18:11:14.0765 2944 ql1080 - ok
18:11:14.0796 2944 Ql10wnt - ok
18:11:14.0828 2944 ql12160 - ok
18:11:14.0859 2944 ql1240 - ok
18:11:14.0890 2944 ql1280 - ok
18:11:14.0921 2944 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:11:14.0921 2944 RasAcd - ok
18:11:14.0984 2944 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:11:15.0015 2944 RasAuto - ok
18:11:15.0078 2944 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:11:15.0093 2944 Rasl2tp - ok
18:11:15.0125 2944 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:11:15.0156 2944 RasMan - ok
18:11:15.0171 2944 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:11:15.0171 2944 RasPppoe - ok
18:11:15.0203 2944 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:11:15.0203 2944 Raspti - ok
18:11:15.0234 2944 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:11:15.0250 2944 Rdbss - ok
18:11:15.0359 2944 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:11:15.0359 2944 RDPCDD - ok
18:11:15.0453 2944 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:11:15.0468 2944 RDPWD - ok
18:11:15.0515 2944 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:11:15.0562 2944 RDSessMgr - ok
18:11:15.0640 2944 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:11:15.0640 2944 redbook - ok
18:11:15.0718 2944 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:11:15.0734 2944 RemoteAccess - ok
18:11:15.0765 2944 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:11:15.0812 2944 RpcLocator - ok
18:11:15.0906 2944 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:11:15.0937 2944 RpcSs - ok
18:11:15.0984 2944 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:11:16.0046 2944 RSVP - ok
18:11:16.0109 2944 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:11:16.0140 2944 SamSs - ok
18:11:16.0234 2944 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:11:16.0234 2944 SASDIFSV - ok
18:11:16.0265 2944 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:11:16.0281 2944 SASKUTIL - ok
18:11:16.0359 2944 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:11:16.0406 2944 SCardSvr - ok
18:11:16.0515 2944 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:11:16.0562 2944 Schedule - ok
18:11:16.0812 2944 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
18:11:17.0078 2944 SDScannerService - ok
18:11:17.0187 2944 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:11:17.0250 2944 SDUpdateService - ok
18:11:17.0312 2944 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:11:17.0328 2944 SDWSCService - ok
18:11:17.0406 2944 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:11:17.0406 2944 Secdrv - ok
18:11:17.0453 2944 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:11:17.0484 2944 seclogon - ok
18:11:17.0562 2944 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:11:17.0609 2944 SENS - ok
18:11:17.0656 2944 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:11:17.0671 2944 Serial - ok
18:11:17.0812 2944 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:11:17.0828 2944 Sfloppy - ok
18:11:17.0859 2944 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:11:17.0890 2944 SharedAccess - ok
18:11:18.0046 2944 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:11:18.0062 2944 ShellHWDetection - ok
18:11:18.0093 2944 Simbad - ok
18:11:18.0218 2944 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:11:18.0234 2944 SkypeUpdate - ok
18:11:18.0281 2944 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:11:18.0296 2944 SLIP - ok
18:11:18.0468 2944 [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
18:11:18.0562 2944 SNP2UVC - ok
18:11:18.0578 2944 Sparrow - ok
18:11:18.0703 2944 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:11:18.0703 2944 splitter - ok
18:11:18.0812 2944 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:11:18.0984 2944 Spooler - ok
18:11:19.0109 2944 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:11:19.0109 2944 sr - ok
18:11:19.0156 2944 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:11:19.0203 2944 srservice - ok
18:11:19.0281 2944 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:11:19.0296 2944 Srv - ok
18:11:19.0359 2944 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:11:19.0406 2944 SSDPSRV - ok
18:11:19.0453 2944 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:11:19.0484 2944 stisvc - ok
18:11:19.0515 2944 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:11:19.0515 2944 streamip - ok
18:11:19.0593 2944 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:11:19.0593 2944 swenum - ok
18:11:19.0640 2944 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:11:19.0640 2944 swmidi - ok
18:11:19.0656 2944 SwPrv - ok
18:11:19.0703 2944 symc810 - ok
18:11:19.0718 2944 symc8xx - ok
18:11:19.0750 2944 sym_hi - ok
18:11:19.0781 2944 sym_u3 - ok
18:11:19.0843 2944 [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:11:19.0984 2944 SynTP - ok
18:11:20.0015 2944 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:11:20.0031 2944 sysaudio - ok
18:11:20.0093 2944 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:11:20.0125 2944 SysmonLog - ok
18:11:20.0218 2944 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:11:20.0250 2944 TapiSrv - ok
18:11:20.0359 2944 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:11:20.0390 2944 Tcpip - ok
18:11:20.0453 2944 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:11:20.0468 2944 TDPIPE - ok
18:11:20.0500 2944 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:11:20.0515 2944 TDTCP - ok
18:11:20.0562 2944 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:11:20.0578 2944 TermDD - ok
18:11:20.0640 2944 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:11:20.0687 2944 TermService - ok
18:11:20.0750 2944 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:11:20.0765 2944 Themes - ok
18:11:20.0828 2944 TosIde - ok
18:11:21.0015 2944 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:11:21.0046 2944 TrkWks - ok
18:11:21.0125 2944 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:11:21.0140 2944 Udfs - ok
18:11:21.0156 2944 ultra - ok
18:11:21.0265 2944 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:11:21.0281 2944 Update - ok
18:11:21.0359 2944 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:11:21.0390 2944 upnphost - ok
18:11:21.0421 2944 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:11:21.0468 2944 UPS - ok
18:11:21.0546 2944 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:11:21.0562 2944 usbccgp - ok
18:11:21.0687 2944 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:11:21.0687 2944 usbehci - ok
18:11:21.0796 2944 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:11:21.0812 2944 usbhub - ok
18:11:21.0843 2944 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:11:21.0875 2944 usbstor - ok
18:11:22.0015 2944 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:11:22.0015 2944 usbuhci - ok
18:11:22.0093 2944 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:11:22.0109 2944 usbvideo - ok
18:11:22.0156 2944 [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf C:\WINDOWS\system32\DRIVERS\uvclf.sys
18:11:22.0171 2944 uvclf - ok
18:11:22.0234 2944 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:11:22.0234 2944 VgaSave - ok
18:11:22.0265 2944 ViaIde - ok
18:11:22.0406 2944 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:11:22.0421 2944 VolSnap - ok
18:11:22.0500 2944 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:11:22.0562 2944 VSS - ok
18:11:22.0656 2944 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:11:22.0718 2944 W32Time - ok
18:11:22.0859 2944 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:11:22.0875 2944 Wanarp - ok
18:11:23.0031 2944 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:11:23.0062 2944 Wdf01000 - ok
18:11:23.0093 2944 WDICA - ok
18:11:23.0125 2944 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:11:23.0140 2944 wdmaud - ok
18:11:23.0218 2944 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:11:23.0250 2944 WebClient - ok
18:11:23.0453 2944 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:11:23.0468 2944 winmgmt - ok
18:11:23.0609 2944 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:11:23.0640 2944 WmdmPmSN - ok
18:11:23.0687 2944 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:11:23.0703 2944 WmiApSrv - ok
18:11:23.0781 2944 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:11:23.0812 2944 WMPNetworkSvc - ok
18:11:23.0968 2944 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:11:24.0015 2944 wscsvc - ok
18:11:24.0046 2944 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:11:24.0062 2944 WSTCODEC - ok
18:11:24.0156 2944 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:11:24.0203 2944 wuauserv - ok
18:11:24.0250 2944 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:11:24.0265 2944 WudfPf - ok
18:11:24.0281 2944 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:11:24.0296 2944 WudfRd - ok
18:11:24.0343 2944 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:11:24.0375 2944 WudfSvc - ok
18:11:24.0484 2944 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:11:24.0531 2944 WZCSVC - ok
18:11:24.0609 2944 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:11:24.0640 2944 xmlprov - ok
18:11:24.0671 2944 ================ Scan global ===============================
18:11:24.0750 2944 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:11:24.0859 2944 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:11:25.0015 2944 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:11:25.0093 2944 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:11:25.0109 2944 [Global] - ok
18:11:25.0109 2944 ================ Scan MBR ==================================
18:11:25.0171 2944 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:11:25.0171 2944 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:11:25.0218 2944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:11:25.0218 2944 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:11:25.0218 2944 ================ Scan VBR ==================================
18:11:25.0234 2944 [ B055A910E0D627B4724382EDCA5AF673 ] \Device\Harddisk0\DR0\Partition1
18:11:25.0250 2944 \Device\Harddisk0\DR0\Partition1 - ok
18:11:25.0250 2944 ============================================================
18:11:25.0250 2944 Scan finished
18:11:25.0250 2944 ============================================================
18:11:25.0312 3384 Detected object count: 1
18:11:25.0312 3384 Actual detected object count: 1
18:13:08.0015 3384 \Device\Harddisk0\DR0\# - copied to quarantine
18:13:08.0015 3384 \Device\Harddisk0\DR0 - copied to quarantine
18:13:08.0109 3384 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:13:08.0140 3384 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:13:08.0390 3384 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:13:08.0781 3384 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:13:19.0156 3384 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:13:20.0234 3384 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:13:20.0250 3384 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:13:20.0265 3384 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:13:20.0281 3384 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:13:20.0875 3384 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:13:21.0250 3384 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:13:21.0468 3384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:13:21.0468 3384 \Device\Harddisk0\DR0 - ok
18:13:21.0468 3384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:13:42.0250 3196 Deinitialize success
Michelea1976
2012-12-03, 03:47
I don't remember how to run the MBR.dat file. Do I just zip it up? It's on my desktop and when I click on it, there is no program to run it. I've got so many anti-spyware things on my desktop, I forget which one. Thanks!!
Jack&Jill
2012-12-03, 06:41
Hello Michelea1976 :),
No worries about aswMBR, skip it and continue with ComboFix.
Michelea1976
2012-12-04, 04:59
Hello Jack&Jill,
Here is the ComboFix report.
ComboFix 12-12-02.01 - Michele Acampora 12/03/2012 21:45:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.351 [GMT -5:00]
Running from: c:\documents and settings\Michele Acampora\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-02 00:33 . 2012-12-02 23:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-19 23:42 . 2012-11-28 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-19 23:42 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-11-19 23:41 . 2012-11-19 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-19 22:48 . 2012-11-19 22:49 -------- d-----w- c:\program files\ERUNT
2012-11-14 18:25 . 2012-11-14 18:25 -------- d-----w- c:\documents and settings\Michele Acampora\Application Data\webex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2011-06-25 19:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2010-08-13 21:12 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2010-08-13 21:12 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2010-08-13 21:12 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2010-08-13 21:12 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2010-08-13 21:12 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2010-08-13 21:12 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2010-08-13 21:12 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2010-08-13 21:11 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2010-08-13 21:11 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-22 08:37 . 2010-01-07 00:08 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 02:47 . 2012-04-13 02:39 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 02:47 . 2011-06-10 03:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2010-01-07 00:08 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-06-25 22:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 14:08 . 2012-10-28 14:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-09 401072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-12-12 994216]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-30 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\documents and settings\Michele Acampora\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-1-7 385024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-11-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5/28/2010 8:12 AM 11448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/25/2011 2:33 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/13/2010 4:12 PM 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 12:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/13/2010 4:12 PM 21256]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/19/2012 6:42 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/19/2012 6:42 PM 1369624]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/28/2009 1:40 AM 38912]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/19/2012 6:42 PM 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/7/2010 1:18 PM 1684736]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [1/7/2010 1:30 PM 39040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:47]
.
2012-12-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-10-29 23:50]
.
2012-12-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-19 19:08]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 19:54]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 19:54]
.
2012-12-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2187696690-1671407227-2517261909-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 19:39]
.
2012-12-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2187696690-1671407227-2517261909-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-03-30 19:39]
.
2012-11-28 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-19 19:07]
.
2012-11-19 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-19 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michele Acampora\Application Data\Mozilla\Firefox\Profiles\01tzrdl6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-17270377.sys
SafeBoot-45517545.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-03 21:57:57
ComboFix-quarantined-files.txt 2012-12-04 02:57
.
Pre-Run: 124,436,901,888 bytes free
Post-Run: 124,833,579,008 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - E1A4816AAA8D604BB5B47E20A5401852
Jack&Jill
2012-12-05, 02:16
Hello Michelea1976 :),
Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install, and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.
--------------------
Please post back:
1. the ESET log
2. how is the computer now?
Michelea1976
2012-12-06, 14:02
Hello, sorry it took me a few days... I got sick and wasn't able to do much. The computer is doing well. I don't get the annoying red warning pop-up messages from Avast, and the Realtek slide "wave" bar is staying put. Here is the log from ESET Online Scanner:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=23968e4a27e70e4c9e6e0ba15059bd33
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-06 04:52:55
# local_time=2012-12-05 11:52:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 95 523595 130557847 0 0
# scanned=65233
# found=7
# cleaned=0
# scan_time=8277
C:\Documents and Settings\Michele Acampora\Application Data\Sun\Java\Deployment\cache\6.0\27\5d6255db-49d5a278 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 1E156D55A7840CFFBD157DB248544323A62ABDCC I
C:\Documents and Settings\Michele Acampora\Application Data\Sun\Java\Deployment\cache\6.0\32\3b578aa0-61d3db1e a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 76FD3E53172676A61F6AF6FE788A06B368F02819 I
C:\Documents and Settings\Michele Acampora\Application Data\Sun\Java\Deployment\cache\6.0\6\511051c6-789d9fff multiple threats (unable to clean) A47EC8C2157620E36EA134251A70C0DF53052F37 I
C:\TDSSKiller_Quarantine\01.12.2012_19.31.55\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
C:\TDSSKiller_Quarantine\01.12.2012_19.31.55\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan (unable to clean) 4781EFFAD9D0938135EF5BA6626A8E482D3B0440 I
C:\TDSSKiller_Quarantine\02.12.2012_18.10.38\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 I
C:\TDSSKiller_Quarantine\02.12.2012_18.10.38\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan (unable to clean) 4781EFFAD9D0938135EF5BA6626A8E482D3B0440 I
Jack&Jill
2012-12-07, 01:41
Hello Michelea1976 :),
Sorry to hear that you were sick. Hope you are well now.
ESET's findings are from the Java cache and backups created when we did some fixes.
Go to Start > Control Panel. Double click on Java and the Java Control Panel will open. At the General tab, click on the Settings... below the Temporary Internet Files title. Press the Delete Files... button and OK your way out. The Java cache will be deleted.
--------------------
Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.
Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Adobe Reader 9.5.2 MUI
Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Do you have a different language or operating system? link.
Under the Select an operating system title, choose the OS that you have.
Change the language at the Select a language title.
Next, select the version of the reader at the Select a Version title.
Uncheck (untick) to opt out of any optional toolbar or program installation.
Click the Download now button to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) to opt out of any optional toolbar or program installation.
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
Alternatively, you can try Foxit Reader Portable (http://download.cnet.com/Foxit-Reader-Portable/3000-18497_4-75157356.html) or Nuance PDF Reader (http://download.cnet.com/Nuance-PDF-Reader/3000-18497_4-75128752.html).
--------------------
Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.
Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Java(TM) 6 Update 26
Go to the Java SE download page. Click here. (http://www.java.com/en/download/manual.jsp)
Under the Windows title, click on Windows Offline (32-bit) and/or Windows Offline (64-bit) and save the file to your desktop.
Close any programs you may have running, especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.
--------------------
Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.
Mozilla Firefox 16.0.2 (x86 en-US)
Please update your Firefox browser to the latest.
Open Firefox.
Go to Help on the pull down menu, then select About Firefox.
Click on the Check for Updates button.
Continue accordingly and close it when done.
--------------------
Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.
Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete all the tools we downloaded and used, plus any logs on your desktop.
Some tips to help you stay clean and safe:
1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html), Windows Vista (https://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx) or Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.
2. Update your antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.
3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free, but for real-time protection you will have to pay a small one-time fee.
4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.
5. Use a hosts file to block access to bad sites from your computer. Get yourself the MVPS Hosts file (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.
6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you away from dangerous websites with warnings and blocking.
7. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.
8. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)
Stay safe.
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)
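An added triage script, not part of this thread or of any tool used in it, that parses lines in the ESET Online Scanner log format posted above and sorts each hit into the buckets Jack&Jill distinguishes: the Java cache, quarantine backups left by earlier cleanup, and anything else that still needs a closer look. The sample lines and SHA-1 values are constructed, and the ComboFix quarantine path is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ESET Online Scanner log posted in the
# thread: "# key=value" header lines, then one finding per line in the form
# <path> <detection text> (<status>) <SHA-1> <flag>.  The SHA-1 values and the
# last path are placeholders made up for this example, not real indicators.
SAMPLE_LOG_LINES = [
    "# version=8",
    "# found=4",
    "# cleaned=0",
    r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\27\5d6255db-49d5a278 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 1111111111111111111111111111111111111111 I",
    r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\6\511051c6-789d9fff multiple threats (unable to clean) 2222222222222222222222222222222222222222 I",
    r"C:\TDSSKiller_Quarantine\01.12.2012_19.31.55\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) 3333333333333333333333333333333333333333 I",
    r"C:\WINDOWS\system32\drivers\example.sys a variant of Win32/Olmarik.AYI trojan (unable to clean) 4444444444444444444444444444444444444444 I",
]

# Tail of a finding line: "(status) <40 hex chars> <flag>".  The head is matched
# non-greedily; a "(x86)" inside a path cannot end it early because the fixed
# SHA-1/flag tail must still match after it.
FINDING_RE = re.compile(
    r"^(?P<head>.+?) \((?P<status>[^()]*)\) (?P<sha1>[0-9A-Fa-f]{40}) (?P<flag>\S+)$"
)

# Folders whose hits are residue of earlier cleanup, not active infections.
# TDSSKiller_Quarantine appears in the thread; the ComboFix quarantine path is
# the location that tool is known to use and is included here as an assumption.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\qoobox\\quarantine\\")
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass
class Finding:
    path: str
    detection: str
    status: str
    sha1: str
    flag: str
    category: str


def classify(path: str) -> str:
    """Map a finding's path to a triage bucket."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantine_backup"  # copy kept by a removal tool; delete the folder
    if JAVA_CACHE_MARKER in p:
        return "java_cache"         # cached applet/JAR; clear the Java cache
    return "live"                   # anything else needs a closer look


def split_head(head: str):
    """Split '<path> <detection text>' after the last token holding a backslash."""
    # The detection text never contains a backslash.  A file name with a space
    # in it would be cut short; the logs in the thread contain none.
    tokens = head.split(" ")
    with_sep = [i for i, t in enumerate(tokens) if "\\" in t]
    if not with_sep:
        return head, ""
    last = with_sep[-1]
    return " ".join(tokens[: last + 1]), " ".join(tokens[last + 1 :])


def parse_finding(line: str):
    """Return a Finding for one log line, or None for lines in another shape."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    path, detection = split_head(m.group("head"))
    return Finding(path, detection, m.group("status"), m.group("sha1").upper(),
                   m.group("flag"), classify(path))


def triage(lines):
    """Parse a whole log: per-bucket counts plus the findings that need attention."""
    header, findings = {}, []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        finding = parse_finding(line)
        if finding is not None:
            findings.append(finding)
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    found = header.get("found", "")
    expected = int(found) if found.isdigit() else len(findings)
    return {
        "parsed": len(findings),
        "complete": expected == len(findings),  # every line the scanner counted was parsed
        "counts": counts,
        "live": [f for f in findings if f.category == "live"],
    }
```

Only the "live" list is worth chasing; the other two buckets disappear once the quarantine folders are deleted and the Java cache is cleared as described in the reply.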
Michelea1976
2012-12-07, 14:09
Thank you so very much! And I thought I had to reformat the drive or buy a whole new netbook!! You saved me some money, so thanks!!! I have done as you said, removed the programs and upgraded the different programs you put in your reply. No issues with the computer, and thank you once again for your help! I'm going to make a donation to Spybot to help keep this free service available to others. Have a great day!!!!
Michele
Jack&Jill
2012-12-08, 18:16
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)