AV and FW flaggin an unknown trojan

Question

Sabre2th 0 Newbie Poster

12 Years Ago

Hello Daniweb,

I would be very grateful if someone could have a look at these scans and recommend a course of action to clean my computer of this virus. I have followed the instructions in the sticky to produce the following logs.

The symptoms I am experiencing are that iexplorer.exe starts running mysteriously despite me never using the application. Sometimes multiple instances are running and when I terminate them they reappear. It is making the system unstable not to mention the recurring trojan flag from comodo firewall.

These symptoms are still apparent after running the recommended scans as well as running a full Avast AV scan.

Here are my logs and I hope someone can help me out.
BTW I am running Win XP.
Thanks

MalwareBytes Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Sabre2th :: SUFFICIENT [administrator]

16/07/2012 18:30:57
mbam-log-2012-07-16 (18-30-57).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: D:\Documents and Settings\Sabre2th\Local Settings\Application Data{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\.\globalroot\systemroot\Installer{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
D:\System Volume Information_restore{84B6AE5E-DC92-41E0-A1AE-874CDD045680}\RP346\A0091760.ini (Trojan.0access) -> Quarantined and deleted successfully.
D:\System Volume Information_restore{84B6AE5E-DC92-41E0-A1AE-874CDD045680}\RP346\A0091799.ini (Trojan.0access) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

Gmer1
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-16 16:14:17
Windows 5.1.2600 Service Pack 3
Running: 7dghdmy5.exe; Driver: D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\pwtcapob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

Gmer2
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-16 18:26:22
Windows 5.1.2600 Service Pack 3
Running: 7dghdmy5.exe; Driver: D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\pwtcapob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ D:\windows\Explorer.EXE [1276] 0x013D0000
Library c:\windows\system32\n (*** hidden *** ) @ D:\windows\system32\svchost.exe [1352] 0x014C0000

---- EOF - GMER 1.0.15 ----

windows-virus

2 Contributors
19 Replies
410 Views
1 Week Discussion Span
Latest Post 12 Years Ago Latest Post by gerbil

gerbil 216 Industrious Poster

12 Years Ago

Hello, sabre,
==Download TDSSkiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
-click Change Parameters. Under Additional options, check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK.
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from D:.

gerbil 216 Industrious Poster

12 Years Ago

Apache2.2\bin\httpd.exe

Hi again, sabre.
Please rerun TDSSkiller, and Delete these two entries when they show:
\Device\Harddisk0\DR0 ( TDSS File System ) - warning
\Device\Harddisk0\DR0 - detected TDSS File System (1)
-post the log.

Now let's see if this can detect more of that rootkit. Download aswMBR from http://www.bleepingcomputer.com/download/aswmbr/
Start it, press Scan [it will download virus definitions from Avast], then Save log. Post that, please.
An MBR.dat file will appear on your desktop, it is a copy of your MBR. Do not delete it.

Edited 12 Years Ago by gerbil

gerbil 216 Industrious Poster

12 Years Ago

Sabre, make sure that all your Avast services are running. Some failed to start earlier.
The rootkit has regenerated after some earlier action. Right, you need to follow these instructions carefully: firstly, you shall download some tools and updates; secondly attempt a couple of deletions, then run the tools in the order given WITHOUT any reboot until Combofix demands it [a reboot would restart any malware configured to start at boot].
-download Rkill, save it to your desktop, from http://www.bleepingcomputer.com/download/rkill/
-download this file also to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-download OTL from http://oldtimer.geekstogo.com/OTL.exe
-update MBAM, don't scan yet.
Okay, run these tools in Normal mode, close all other applications but keep a copy of these instructions open in a notepad.
**Dclick the Rkill icon to start it, if it runs successfully a notepad log will pop, don't post it. If it doesn't run, try running the downloads from one or both of these sites:
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.com
If none work, please say.
**Run TDSSkiller, if TDSS or TDLFS show again then quarantine them.

**Do a Full scan with the updated MBAM, fix what it finds but do not reboot even if requested.

**attempt to delete this file and folder; you will have to show hidden files and folders in explorer, else use the cmd window and DIR, then DEL.
file- D:\windows\assembly\GAC\Desktop.ini
folder- D:\Documents and Settings\Sabre2th\Local Settings\Application Data{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\

**Combofix: turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
-dclick the Combofix.exe icon and follow the prompts to start it, agree to all prompts. If you do not have it installed already, Combofix will download and install the Recovery Console on your system.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

**Turn on your AV, AS, Firewall.

**Dclick OTL.exe to start the application; in the window that opens choose, Scan All Users, Standard Registry ALL, check both LOP and Purity boxes, and then press Run Scan.
The scan will take maybe 5 minutes; 2 notepads will present [they are saved to the place from where you ran OTL.exe] - post both, please.

Fine. Please present all logs [bar Rkill] for as far as you could go.

Note:
In the cmd window you would type [or paste from here]:
dir D:\windows\assembly\GAC /a: s h r <<= the spaces before s, h, r are important.
del D:\windows\assembly\GAC\Desktop.ini /f
and
rmdir /s D:\Documents and Settings\Sabre2th\Local Settings\Application Data{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\

Edited 12 Years Ago by gerbil

gerbil 216 Industrious Poster

12 Years Ago

To be safe, use Avast to scan both iexplore.exe in Pgm Files\Internet Explorer and explorer.exe in \Windows.
Rerun Rkill [the flashing black cmd windows are normal] and when Avast alerts you set the permission to Allow and Ok it each time. Rkill.exe etc should finalise and present a log in a notepad, and disappear as a running process. It is important to try to run all these procedures in Normal mode

Edited 12 Years Ago by gerbil

gerbil 216 Industrious Poster

12 Years Ago

That's good, Sabre. There are a few things to fix, still. Btw, once the rootkit was removed, MBAM could see, and so quarantined, that file and folder I listed for manual deletion.
Your d:\windows\System32\spoolsv.exe ... is missing ... there is a good but earlier copy at d:\windows\ServicePackFiles\i386\spoolsv.exe, and OTL will replace the missing file with this, but I recommend you get the later version by downloading KB2347290 from M$ Updates.
Copy the following code into OTL's Custom Fixes/Scans box, then press Run Fix.

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}\
O18 - Protocol\Handler\msdaipp - No CLSID value found
:Files
d:\windows\System32\spoolsv.exe|d:\windows\ServicePackFiles\i386\spoolsv.exe /replace
:cleanup
GMER
TDSSKiller
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Post that log.

Remove all old versions of Java.
Delete RKill and its log
Go Start, and Run d:\documents and settings\Sabre2th\Desktop\Virus hunting\ComboFix.exe /Uninstall

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Sabre2th 0 Newbie Poster · Answer 1 · 2012-07-16T19:06:11+00:00

dds logs (not letting me post without 'code' formatting)

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.3.1
Run by Sabre2th at 19:40:48 on 2012-07-16
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2045.1375 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* 
.
============== Running Processes ===============
.
D:\windows\system32\Ati2evxx.exe
D:\windows\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\windows\system32\svchost.exe -k netsvcs
svchost.exe
D:\windows\system32\Ati2evxx.exe
svchost.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Tunngle\TnglCtrl.exe
d:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\windows\system32\wuauclt.exe
d:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\windows\Explorer.EXE
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
D:\windows\system32\rundll32.exe
D:\windows\system32\ctfmon.exe
D:\Documents and Settings\Sabre2th\Application Data\Spotify\Data\SpotifyWebHelper.exe
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\windows\system32\taskmgr.exe
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Connection Wizard,ShellNext = "d:\program files\outlook express\msimn.exe" //mailurl:mailto:community@ageofempiresonline.com
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - d:\program files\daemon tools toolbar\DTToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - d:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "d:\documents and settings\sabre2th\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "d:\documents and settings\sabre2th\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [COMODO Internet Security] "d:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "d:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [XSECVA] d:\documents and settings\sabre2th\application data\xsecva\xsecva.exe -s
mRun: [mdgfi] "d:\windows\system32\rundll32.exe" "d:\documents and settings\sabre2th\application data\mdgfi.dll",ReallocADsMem
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoInternetIcon = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{266B92E4-CBA0-4A26-8F67-9E464D0AFE3C} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: d:\windows\system32\guard32.dll   d:\windows\system32\guard32.dll
SecurityProviders: schannel.dll, digest.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\sabre2th\application data\mozilla\firefox\profiles\rdvvc98g.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: d:\documents and settings\sabre2th\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: d:\documents and settings\sabre2th\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\common files\motive\npMotive.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: d:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: d:\windows\system32\npdeployJava1.dll
FF - plugin: d:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;d:\windows\system32\drivers\AppleCharger.sys [2011-7-9 19496]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2011-7-14 721000]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2011-7-14 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdGuard.sys [2011-6-30 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2011-6-30 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [2012-7-9 242240]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2011-7-14 21256]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2011-7-14 44808]
R2 cmdAgent;COMODO Internet Security Helper Service;d:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1983232]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [2011-7-8 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 TunngleService;TunngleService;d:\program files\tunngle\TnglCtrl.exe [2011-9-6 741224]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdXP3.sys [2011-11-22 100368]
R3 usbfilter;AMD USB Filter Driver;d:\windows\system32\drivers\usbfilter.sys [2011-11-22 30392]
S2 Apache2.2;Apache2.2;d:\program files\apache software foundation\apache2.2\bin\httpd.exe [2011-9-9 20549]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 ALSysIO;ALSysIO;\??\d:\docume~1\sabre2th\locals~1\temp\alsysio.sys --> d:\docume~1\sabre2th\locals~1\temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2011-7-8 1691480]
S3 AODDriver;AODDriver;d:\program files\gigabyte\et6\i386\AODDriver.sys [2010-3-12 36864]
S3 etdrv;etdrv;d:\windows\etdrv.sys [2011-9-18 17488]
S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [2011-9-18 24944]
S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 Neo_VPN;VPN Client Device Driver - VPN;d:\windows\system32\drivers\Neo_0029.sys [2011-9-7 22000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-07-16 01:08:21 --------    d-----w-    d:\program files\Bullfrog
2012-07-16 00:40:37 --------    d-----w-    d:\documents and settings\sabre2th\local settings\application data\{3A05A615-CEDF-11E1-8270-B8AC6F996F26}
2012-07-16 00:40:37 --------    d-----w-    d:\documents and settings\sabre2th\local settings\application data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}
2012-07-16 00:40:35 387584  ----a-w-    d:\documents and settings\sabre2th\application data\mdgfi.dll
2012-07-16 00:39:33 --------    d-----w-    d:\documents and settings\sabre2th\application data\xsecva
2012-07-13 23:40:00 --------    d-----w-    d:\windows\system32\AGEIA
2012-07-13 23:38:32 --------    d-----w-    d:\program files\common files\Wise Installation Wizard
2012-07-13 23:38:31 --------    d-----w-    d:\program files\OpenAL
2012-07-09 14:10:28 242240  ----a-w-    d:\windows\system32\drivers\dtsoftbus01.sys
2012-07-09 14:06:23 --------    d-----w-    d:\program files\DAEMON Tools Lite
2012-07-09 13:49:25 279712  ----a-w-    d:\windows\system32\drivers\atksgt.sys
2012-07-09 13:49:25 25888   ----a-w-    d:\windows\system32\drivers\lirsgt.sys
2012-07-09 13:47:53 819200  ----a-w-    d:\program files\windows media player\wmsetsdk.exe
2012-07-09 13:47:53 47616   ----a-w-    d:\program files\windows media player\msoobci.dll
2012-07-09 13:47:04 --------    d-----w-    d:\windows\RegisteredPackages
2012-07-09 13:22:03 --------    d-----w-    d:\program files\EGOSOFT
2012-07-02 10:40:19 --------    d-----w-    d:\program files\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2012-07-13 23:38:31 413696  ----a-w-    d:\windows\system32\wrap_oal.dll
2012-07-13 23:38:30 110592  ----a-w-    d:\windows\system32\OpenAL32.dll
2012-07-11 20:31:10 70344   ----a-w-    d:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 20:31:10 426184  ----a-w-    d:\windows\system32\FlashPlayerApp.exe
2012-07-09 14:10:30 24944   ----a-w-    d:\windows\system32\drivers\GVTDrv.sys
2012-07-09 14:09:43 17488   ----a-w-    d:\windows\gdrv.sys
2012-07-03 16:21:53 721000  ----a-w-    d:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224   ----a-w-    d:\windows\avastSS.scr
2012-07-03 12:46:44 22344   ----a-w-    d:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w-    d:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w-    d:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w-    d:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576  ----a-w-    d:\windows\system32\schannel.dll
2012-06-02 14:19:44 22040   ----a-w-    d:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160  ----a-w-    d:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384   ----a-w-    d:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384   ----a-w-    d:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944   ----a-w-    d:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696  ----a-w-    d:\windows\system32\mucltui.dll
2012-06-02 14:18:58 214256  ----a-w-    d:\windows\system32\muweb.dll
2012-06-02 14:18:58 17136   ----a-w-    d:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040  ----a-w-    d:\windows\system32\crypt32.dll
2012-05-27 20:35:47 43520   ----a-w-    d:\windows\system32\CmdLineExt03.dll
2012-05-16 15:08:26 916992  ----a-w-    d:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520   ------w-    d:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w-    d:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024  ------w-    d:\windows\system32\html.iec
2012-05-10 23:19:30 17488   ----a-w-    d:\windows\etdrv.sys
2012-05-04 13:16:13 2148352 ----a-w-    d:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w-    d:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656  ----a-w-    d:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:43:41.76 ===============

Sabre2th 0 Newbie Poster · Answer 2 · 2012-07-16T19:08:01+00:00

dds attach.txt (sorry for multiple posting - seems the text input height is limited)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 08/07/2011 06:59:32
System Uptime: 16/07/2012 19:33:33 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-770T-D3L
Processor: AMD Phenom(tm) II X2 560 Processor | Socket M2 | 3314/200mhz
.
==== Disk Partitions =========================
.
D: is FIXED (NTFS) - 149 GiB total, 15.097 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\3&61AAA01&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\3&61AAA01&0
Service: fdc
.
==== System Restore Points ===================
.
RP338: 09/07/2012 14:48:41 - Installed Windows Media Format Runtime
RP339: 09/07/2012 17:09:52 - System Checkpoint
RP340: 11/07/2012 01:29:21 - System Checkpoint
RP341: 11/07/2012 21:23:13 - Software Distribution Service 3.0
RP342: 13/07/2012 03:09:01 - System Checkpoint
RP343: 14/07/2012 00:38:00 - Installed DirectX
RP344: 14/07/2012 00:39:57 - Installed NVIDIA PhysX v8.06.12
RP345: 14/07/2012 14:57:06 - Software Distribution Service 3.0
RP346: 15/07/2012 16:07:46 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Age of Empires Online
AMD APP SDK Runtime
AMD AVIVO Codecs
AMD Catalyst Install Manager
AMD Processor Driver
AMD USB Filter Driver
Android SDK Tools
Anno 2070
Apache HTTP Server 2.2.21
ARMA 2: Free
Auslogics Disk Defrag
avast! Free Antivirus
BattlEye (A2Free) Uninstall
BT Broadband Desktop Help
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
COMODO Internet Security
Core Temp 1.0 RC3
CPUID CPU-Z 1.58
DAEMON Tools Lite
DAEMON Tools Toolbar
Diablo III
DivX Setup
Dual-Core Optimizer
Dungeon Defenders
Dungeon Keeper 2
Easy Tune 6 B11.0822.1
ESET Online Scanner v3
FileZilla Client 3.5.3
Flashpoint uninstall
Fraps
Free ISO Creator version 2.8
Garry's Mod
Geeks3D.com FurMark 1.9.1
GIMP 2.6.11
Google Chrome
High Definition Audio Driver Package - KB888111
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java(TM) 7 Update 3
Java(TM) SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
K-Lite Codec Pack 4.0.0 (Full)
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Excel MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Notepad++
NVIDIA PhysX v8.06.12
ON_OFF Charge B10.0427.1
OpenAL
OpenOffice.org 3.3
PDFCreator
Pharaoh
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shoot Many Robots
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.5
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.4
StarCraft II
Steam
Stronghold Kingdoms
Switch Sound File Converter
Team Fortress 2
TeamViewer 7
Tom Clancy's Ghost Recon: Advanced Warfighter 2
Ubisoft Game Launcher
UFO Aftershock
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WebFldrs XP
WinDirStat 1.1.2
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
X3 Terran Conflict v3.2
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
16/07/2012 14:17:43, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdPPM AppleCharger aswSnx aswSP aswTdi cmdGuard Fips
16/07/2012 14:16:48, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/07/2012 01:58:30, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
16/07/2012 01:42:08, error: Service Control Manager [7034]  - The TunngleService service terminated unexpectedly.  It has done this 1 time(s).
11/07/2012 15:13:00, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
10/07/2012 10:19:44, error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
09/07/2012 15:10:15, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
09/07/2012 14:47:35, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'wmvcore.dll.new' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
.
==== End Of File ===========================

Sabre2th 0 Newbie Poster · Answer 3 · 2012-07-17T13:43:41+00:00

Thankyou, gerbil, for your quick response. I hope we can clean this machine.

TDSSKiller report

14:21:48.0765 2208  TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:21:50.0765 2208  ============================================================
14:21:50.0765 2208  Current date / time: 2012/07/17 14:21:50.0765
14:21:50.0765 2208  SystemInfo:
14:21:50.0765 2208  
14:21:50.0765 2208  OS Version: 5.1.2600 ServicePack: 3.0
14:21:50.0765 2208  Product type: Workstation
14:21:50.0765 2208  ComputerName: SUFFICIENT
14:21:50.0765 2208  UserName: Sabre2th
14:21:50.0765 2208  Windows directory: D:\windows
14:21:50.0765 2208  System windows directory: D:\windows
14:21:50.0765 2208  Processor architecture: Intel x86
14:21:50.0765 2208  Number of processors: 2
14:21:50.0765 2208  Page size: 0x1000
14:21:50.0765 2208  Boot type: Normal boot
14:21:50.0765 2208  ============================================================
14:21:52.0515 2208  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:21:52.0546 2208  ============================================================
14:21:52.0546 2208  \Device\Harddisk0\DR0:
14:21:52.0562 2208  MBR partitions:
14:21:52.0562 2208  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:21:52.0562 2208  ============================================================
14:21:52.0687 2208  D: <-> \Device\Harddisk0\DR0\Partition0
14:21:52.0687 2208  ============================================================
14:21:52.0687 2208  Initialize success
14:21:52.0687 2208  ============================================================
14:24:13.0234 1940  ============================================================
14:24:13.0234 1940  Scan started
14:24:13.0234 1940  Mode: Manual; SigCheck; TDLFS; 
14:24:13.0234 1940  ============================================================
14:24:13.0531 1940  Aavmker4        (0b27ae82c113d3687024d18459440426) D:\windows\system32\drivers\Aavmker4.sys
14:24:13.0750 1940  Aavmker4 - ok
14:24:13.0750 1940  Abiosdsk - ok
14:24:13.0781 1940  ACPI            (8fd99680a539792a30e97944fdaecf17) D:\windows\system32\DRIVERS\ACPI.sys
14:24:14.0453 1940  ACPI - ok
14:24:14.0468 1940  ACPIEC          (9859c0f6936e723e4892d7141b1327d5) D:\windows\system32\drivers\ACPIEC.sys
14:24:14.0562 1940  ACPIEC - ok
14:24:14.0609 1940  AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) D:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:24:14.0625 1940  AdobeFlashPlayerUpdateSvc - ok
14:24:14.0656 1940  aec             (8bed39e3c35d6a489438b8141717a557) D:\windows\system32\drivers\aec.sys
14:24:14.0765 1940  aec - ok
14:24:14.0796 1940  AFD             (1e44bc1e83d8fd2305f8d452db109cf9) D:\windows\System32\drivers\afd.sys
14:24:14.0843 1940  AFD - ok
14:24:14.0875 1940  Alerter         (a9a3daa780ca6c9671a19d52456705b4) D:\windows\system32\alrsvc.dll
14:24:15.0000 1940  Alerter - ok
14:24:15.0015 1940  ALG             (8c515081584a38aa007909cd02020b3d) D:\windows\System32\alg.exe
14:24:15.0078 1940  ALG - ok
14:24:15.0078 1940  AliIde - ok
14:24:15.0171 1940  ALSysIO - ok
14:24:15.0296 1940  Ambfilt         (267fc636801edc5ab28e14036349e3be) D:\windows\system32\drivers\Ambfilt.sys
14:24:15.0390 1940  Ambfilt - ok
14:24:15.0593 1940  AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) D:\windows\system32\DRIVERS\AmdLLD.sys
14:24:15.0625 1940  AmdLLD - ok
14:24:15.0656 1940  AmdPPM          (033448d435e65c4bd72e70521fd05c76) D:\windows\system32\DRIVERS\AmdPPM.sys
14:24:15.0687 1940  AmdPPM - ok
14:24:15.0781 1940  AODDriver       (5bd30b502168013c9ea03a5c2f1c9776) D:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
14:24:15.0812 1940  AODDriver ( UnsignedFile.Multi.Generic ) - warning
14:24:15.0812 1940  AODDriver - detected UnsignedFile.Multi.Generic (1)
14:24:15.0906 1940  Apache2.2       (44ceaff41ede4297f30913ddf80d17c1) D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
14:24:15.0921 1940  Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
14:24:15.0921 1940  Apache2.2 - detected UnsignedFile.Multi.Generic (1)
14:24:15.0937 1940  AppleCharger    (75a8b998eb259dd512f01ea25bec7f3b) D:\windows\system32\DRIVERS\AppleCharger.sys
14:24:15.0953 1940  AppleCharger - ok
14:24:15.0984 1940  AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) D:\windows\system32\AppleChargerSrv.exe
14:24:16.0000 1940  AppleChargerSrv - ok
14:24:16.0000 1940  AppMgmt - ok
14:24:16.0109 1940  aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) D:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:24:16.0156 1940  aspnet_state - ok
14:24:16.0171 1940  aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) D:\windows\system32\drivers\aswFsBlk.sys
14:24:16.0187 1940  aswFsBlk - ok
14:24:16.0218 1940  aswMon2         (9e912fe7b41650701ef2b227aca440f3) D:\windows\system32\drivers\aswMon2.sys
14:24:16.0250 1940  aswMon2 - ok
14:24:16.0281 1940  aswRdr          (982e275d1c5801042fe94209fb0160fb) D:\windows\system32\drivers\aswRdr.sys
14:24:16.0296 1940  aswRdr - ok
14:24:16.0359 1940  aswSnx          (73dbcf808e00580f2a47f93dd9b03876) D:\windows\system32\drivers\aswSnx.sys
14:24:16.0406 1940  aswSnx - ok
14:24:16.0437 1940  aswSP           (6cbd7d3a33f498d09c831cdd732da2e0) D:\windows\system32\drivers\aswSP.sys
14:24:16.0484 1940  aswSP - ok
14:24:16.0515 1940  aswTdi          (7109a9aa551f37cd168c02368465957e) D:\windows\system32\drivers\aswTdi.sys
14:24:16.0531 1940  aswTdi - ok
14:24:16.0562 1940  AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) D:\windows\system32\DRIVERS\asyncmac.sys
14:24:16.0671 1940  AsyncMac - ok
14:24:16.0703 1940  atapi           (9f3a2f5aa6875c72bf062c712cfa2674) D:\windows\system32\DRIVERS\atapi.sys
14:24:16.0812 1940  atapi - ok
14:24:16.0828 1940  Atdisk - ok
14:24:16.0890 1940  Ati HotKey Poller (c434b72352fadd9249d5541274021570) D:\windows\system32\Ati2evxx.exe
14:24:17.0000 1940  Ati HotKey Poller - ok
14:24:17.0406 1940  ati2mtag        (b4368b39a18630c3ec8d7f496f76f19b) D:\windows\system32\DRIVERS\ati2mtag.sys
14:24:17.0875 1940  ati2mtag - ok
14:24:18.0062 1940  AtiHDAudioService (bd9ca8136738040d3257363ed12be693) D:\windows\system32\drivers\AtihdXP3.sys
14:24:18.0109 1940  AtiHDAudioService - ok
14:24:18.0156 1940  atksgt          (f9c24d25d9ff29f894995a64812b4d85) D:\windows\system32\DRIVERS\atksgt.sys
14:24:18.0218 1940  atksgt - ok
14:24:18.0250 1940  Atmarpc         (9916c1225104ba14794209cfa8012159) D:\windows\system32\DRIVERS\atmarpc.sys
14:24:18.0515 1940  Atmarpc - ok
14:24:18.0531 1940  AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) D:\windows\System32\audiosrv.dll
14:24:18.0671 1940  AudioSrv - ok
14:24:18.0703 1940  audstub         (d9f724aa26c010a217c97606b160ed68) D:\windows\system32\DRIVERS\audstub.sys
14:24:18.0828 1940  audstub - ok
14:24:18.0906 1940  avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:24:18.0937 1940  avast! Antivirus - ok
14:24:18.0968 1940  Beep            (da1f27d85e0d1525f6621372e7b685e9) D:\windows\system32\drivers\Beep.sys
14:24:19.0093 1940  Beep - ok
14:24:19.0140 1940  BITS            (574738f61fca2935f5265dc4e5691314) D:\windows\system32\qmgr.dll
14:24:19.0296 1940  BITS - ok
14:24:19.0312 1940  Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
14:24:19.0375 1940  Bridge - ok
14:24:19.0390 1940  BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
14:24:19.0437 1940  BridgeMP - ok
14:24:19.0468 1940  Browser         (a06ce3399d16db864f55faeb1f1927a9) D:\windows\System32\browser.dll
14:24:19.0593 1940  Browser - ok
14:24:19.0609 1940  Cdaudio         (c1b486a7658353d33a10cc15211a873b) D:\windows\system32\drivers\Cdaudio.sys
14:24:19.0718 1940  Cdaudio - ok
14:24:19.0734 1940  Cdfs            (c885b02847f5d2fd45a24e219ed93b32) D:\windows\system32\drivers\Cdfs.sys
14:24:19.0875 1940  Cdfs - ok
14:24:19.0921 1940  Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) D:\windows\system32\DRIVERS\cdrom.sys
14:24:20.0031 1940  Cdrom - ok
14:24:20.0031 1940  Changer - ok
14:24:20.0062 1940  CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) D:\windows\system32\cisvc.exe
14:24:20.0250 1940  CiSvc - ok
14:24:20.0281 1940  ClipSrv         (34cbe729f38138217f9c80212a2a0c82) D:\windows\system32\clipsrv.exe
14:24:20.0406 1940  ClipSrv - ok
14:24:20.0484 1940  clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:20.0546 1940  clr_optimization_v2.0.50727_32 - ok
14:24:20.0609 1940  clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) D:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:20.0671 1940  clr_optimization_v4.0.30319_32 - ok
14:24:20.0828 1940  cmdAgent        (907324001ae25ac5959c91eaa34cabae) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
14:24:21.0000 1940  cmdAgent - ok
14:24:21.0203 1940  cmdGuard        (bee235831f8e3f0baaca18b39d285cf5) D:\windows\system32\DRIVERS\cmdguard.sys
14:24:21.0265 1940  cmdGuard - ok
14:24:21.0281 1940  cmdHlp          (de548946f36cab62fec2e6aa0149a619) D:\windows\system32\DRIVERS\cmdhlp.sys
14:24:21.0312 1940  cmdHlp - ok
14:24:21.0312 1940  CmdIde - ok
14:24:21.0328 1940  COMSysApp - ok
14:24:21.0375 1940  cpuz135         (c2eb4539a4f6ab6edd01bdc191619975) D:\windows\system32\drivers\cpuz135_x32.sys
14:24:21.0406 1940  cpuz135 - ok
14:24:21.0437 1940  CryptSvc        (3d4e199942e29207970e04315d02ad3b) D:\windows\System32\cryptsvc.dll
14:24:21.0718 1940  CryptSvc - ok
14:24:21.0765 1940  DcomLaunch      (6b27a5c03dfb94b4245739065431322c) D:\windows\system32\rpcss.dll
14:24:21.0859 1940  DcomLaunch - ok
14:24:21.0906 1940  Dhcp            (5e38d7684a49cacfb752b046357e0589) D:\windows\System32\dhcpcsvc.dll
14:24:22.0156 1940  Dhcp - ok
14:24:22.0171 1940  Disk            (044452051f3e02e7963599fc8f4f3e25) D:\windows\system32\DRIVERS\disk.sys
14:24:22.0328 1940  Disk - ok
14:24:22.0328 1940  dmadmin - ok
14:24:22.0406 1940  dmboot          (d992fe1274bde0f84ad826acae022a41) D:\windows\system32\drivers\dmboot.sys
14:24:22.0531 1940  dmboot - ok
14:24:22.0562 1940  dmio            (7c824cf7bbde77d95c08005717a95f6f) D:\windows\system32\drivers\dmio.sys
14:24:22.0734 1940  dmio - ok
14:24:22.0765 1940  dmload          (e9317282a63ca4d188c0df5e09c6ac5f) D:\windows\system32\drivers\dmload.sys
14:24:22.0906 1940  dmload - ok
14:24:22.0921 1940  dmserver        (57edec2e5f59f0335e92f35184bc8631) D:\windows\System32\dmserver.dll
14:24:23.0015 1940  dmserver - ok
14:24:23.0031 1940  DMusic          (8a208dfcf89792a484e76c40e5f50b45) D:\windows\system32\drivers\DMusic.sys
14:24:23.0140 1940  DMusic - ok
14:24:23.0156 1940  Dnscache        (5f7e24fa9eab896051ffb87f840730d2) D:\windows\System32\dnsrslvr.dll
14:24:23.0203 1940  Dnscache - ok
14:24:23.0234 1940  Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) D:\windows\System32\dot3svc.dll
14:24:23.0328 1940  Dot3svc - ok
14:24:23.0359 1940  drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) D:\windows\system32\drivers\drmkaud.sys
14:24:23.0468 1940  drmkaud - ok
14:24:23.0500 1940  dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) D:\windows\system32\DRIVERS\dtsoftbus01.sys
14:24:23.0546 1940  dtsoftbus01 - ok
14:24:23.0578 1940  EapHost         (2187855a7703adef0cef9ee4285182cc) D:\windows\System32\eapsvc.dll
14:24:23.0718 1940  EapHost - ok
14:24:23.0750 1940  ERSvc           (bc93b4a066477954555966d77fec9ecb) D:\windows\System32\ersvc.dll
14:24:23.0875 1940  ERSvc - ok
14:24:23.0906 1940  etdrv           (3af0ae042afe486b22644cd3fbebf2e2) D:\windows\etdrv.sys
14:24:23.0921 1940  etdrv - ok
14:24:23.0953 1940  Eventlog        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
14:24:24.0000 1940  Eventlog - ok
14:24:24.0031 1940  EventSystem     (d4991d98f2db73c60d042f1aef79efae) D:\WINDOWS\system32\es.dll
14:24:24.0093 1940  EventSystem - ok
14:24:24.0125 1940  Fastfat         (38d332a6d56af32635675f132548343e) D:\windows\system32\drivers\Fastfat.sys
14:24:24.0250 1940  Fastfat - ok
14:24:24.0296 1940  FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
14:24:24.0343 1940  FastUserSwitchingCompatibility - ok
14:24:24.0375 1940  Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\windows\system32\DRIVERS\fdc.sys
14:24:24.0500 1940  Fdc - ok
14:24:24.0515 1940  Fips            (d45926117eb9fa946a6af572fbe1caa3) D:\windows\system32\drivers\Fips.sys
14:24:24.0625 1940  Fips - ok
14:24:24.0640 1940  Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\windows\system32\DRIVERS\flpydisk.sys
14:24:24.0781 1940  Flpydisk - ok
14:24:24.0812 1940  FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\windows\system32\drivers\fltmgr.sys
14:24:24.0937 1940  FltMgr - ok
14:24:25.0046 1940  FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:24:25.0078 1940  FontCache3.0.0.0 - ok
14:24:25.0093 1940  Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\windows\system32\drivers\Fs_Rec.sys
14:24:25.0218 1940  Fs_Rec - ok
14:24:25.0234 1940  Ftdisk          (6ac26732762483366c3969c9e4d2259d) D:\windows\system32\DRIVERS\ftdisk.sys
14:24:25.0359 1940  Ftdisk - ok
14:24:25.0390 1940  gdrv            (d556cb79967e92b5cc69686d16c1d846) D:\windows\gdrv.sys
14:24:25.0421 1940  gdrv - ok
14:24:25.0453 1940  Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) D:\windows\system32\DRIVERS\msgpc.sys
14:24:25.0593 1940  Gpc - ok
14:24:25.0625 1940  GVTDrv          (689a8eef2a2d62b28a0a578a6196531c) D:\windows\system32\Drivers\GVTDrv.sys
14:24:25.0640 1940  GVTDrv - ok
14:24:25.0671 1940  hamachi         (833051c6c6c42117191935f734cfbd97) D:\windows\system32\DRIVERS\hamachi.sys
14:24:25.0687 1940  hamachi - ok
14:24:25.0843 1940  Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
14:24:25.0968 1940  Hamachi2Svc - ok
14:24:26.0015 1940  HDAudBus        (573c7d0a32852b48f3058cfd8026f511) D:\windows\system32\DRIVERS\HDAudBus.sys
14:24:26.0140 1940  HDAudBus - ok
14:24:26.0187 1940  helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) D:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:24:26.0296 1940  helpsvc - ok
14:24:26.0328 1940  HidServ         (deb04da35cc871b6d309b77e1443c796) D:\windows\System32\hidserv.dll
14:24:26.0421 1940  HidServ - ok
14:24:26.0453 1940  hidusb          (ccf82c5ec8a7326c3066de870c06daf1) D:\windows\system32\DRIVERS\hidusb.sys
14:24:26.0562 1940  hidusb - ok
14:24:26.0609 1940  hkmsvc          (8878bd685e490239777bfe51320b88e9) D:\windows\System32\kmsvc.dll
14:24:26.0781 1940  hkmsvc - ok
14:24:26.0828 1940  HTTP            (f80a415ef82cd06ffaf0d971528ead38) D:\windows\system32\Drivers\HTTP.sys
14:24:26.0875 1940  HTTP - ok
14:24:26.0890 1940  HTTPFilter      (6100a808600f44d999cebdef8841c7a3) D:\windows\System32\w3ssl.dll
14:24:27.0031 1940  HTTPFilter - ok
14:24:27.0031 1940  i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) D:\windows\system32\DRIVERS\i8042prt.sys
14:24:27.0171 1940  i8042prt - ok
14:24:27.0281 1940  IDriverT        (1cf03c69b49acb70c722df92755c0c8c) D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:24:27.0296 1940  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:24:27.0296 1940  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:24:27.0437 1940  idsvc           (c01ac32dc5c03076cfb852cb5da5229c) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:24:27.0515 1940  idsvc - ok
14:24:27.0546 1940  Imapi           (083a052659f5310dd8b6a6cb05edcf8e) D:\windows\system32\DRIVERS\imapi.sys
14:24:27.0781 1940  Imapi - ok
14:24:27.0812 1940  ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) D:\WINDOWS\system32\imapi.exe
14:24:28.0078 1940  ImapiService - ok
14:24:28.0125 1940  Inspect         (f89849cf13805ef49da64a8a63193af7) D:\windows\system32\DRIVERS\inspect.sys
14:24:28.0156 1940  Inspect - ok
14:24:28.0546 1940  IntcAzAudAddService (7a1d5e631fa803beb2ee85e0774d48e3) D:\windows\system32\drivers\RtkHDAud.sys
14:24:28.0953 1940  IntcAzAudAddService - ok
14:24:29.0109 1940  IntelIde - ok
14:24:29.0125 1940  Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) D:\windows\system32\drivers\ip6fw.sys
14:24:29.0250 1940  Ip6Fw - ok
14:24:29.0281 1940  IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) D:\windows\system32\DRIVERS\ipfltdrv.sys
14:24:29.0406 1940  IpFilterDriver - ok
14:24:29.0437 1940  IpInIp          (b87ab476dcf76e72010632b5550955f5) D:\windows\system32\DRIVERS\ipinip.sys
14:24:29.0546 1940  IpInIp - ok
14:24:29.0593 1940  IpNat           (cc748ea12c6effde940ee98098bf96bb) D:\windows\system32\DRIVERS\ipnat.sys
14:24:29.0750 1940  IpNat - ok
14:24:29.0765 1940  IPSec           (23c74d75e36e7158768dd63d92789a91) D:\windows\system32\DRIVERS\ipsec.sys
14:24:29.0921 1940  IPSec - ok
14:24:29.0937 1940  IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) D:\windows\system32\DRIVERS\irenum.sys
14:24:29.0984 1940  IRENUM - ok
14:24:30.0015 1940  isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) D:\windows\system32\DRIVERS\isapnp.sys
14:24:30.0140 1940  isapnp - ok
14:24:30.0281 1940  JavaQuickStarterService (0a5709543986843d37a92290b7838340) D:\Program Files\Java\jre6\bin\jqs.exe
14:24:30.0312 1940  JavaQuickStarterService - ok
14:24:30.0328 1940  Kbdclass        (463c1ec80cd17420a542b7f36a36f128) D:\windows\system32\DRIVERS\kbdclass.sys
14:24:30.0437 1940  Kbdclass - ok
14:24:30.0453 1940  kbdhid          (9ef487a186dea361aa06913a75b3fa99) D:\windows\system32\DRIVERS\kbdhid.sys
14:24:30.0562 1940  kbdhid - ok
14:24:30.0593 1940  kmixer          (692bcf44383d056aed41b045a323d378) D:\windows\system32\drivers\kmixer.sys
14:24:30.0781 1940  kmixer - ok
14:24:30.0812 1940  KSecDD          (b467646c54cc746128904e1654c750c1) D:\windows\system32\drivers\KSecDD.sys
14:24:30.0859 1940  KSecDD - ok
14:24:30.0890 1940  lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) D:\windows\System32\srvsvc.dll
14:24:30.0953 1940  lanmanserver - ok
14:24:31.0000 1940  lanmanworkstation (a8888a5327621856c0cec4e385f69309) D:\windows\System32\wkssvc.dll
14:24:31.0031 1940  lanmanworkstation - ok
14:24:31.0046 1940  lbrtfdc - ok
14:24:31.0062 1940  lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) D:\windows\system32\DRIVERS\lirsgt.sys
14:24:31.0078 1940  lirsgt - ok
14:24:31.0109 1940  LmHosts         (a7db739ae99a796d91580147e919cc59) D:\windows\System32\lmhsvc.dll
14:24:31.0218 1940  LmHosts - ok
14:24:31.0281 1940  McciCMService   (f8b823414a22dbf3bec10dcaa5f93cd8) D:\Program Files\Common Files\Motive\McciCMService.exe
14:24:31.0312 1940  McciCMService ( UnsignedFile.Multi.Generic ) - warning
14:24:31.0312 1940  McciCMService - detected UnsignedFile.Multi.Generic (1)
14:24:31.0343 1940  Messenger       (986b1ff5814366d71e0ac5755c88f2d3) D:\windows\System32\msgsvc.dll
14:24:31.0453 1940  Messenger - ok
14:24:31.0484 1940  Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\windows\system32\drivers\Modem.sys
14:24:31.0578 1940  Modem - ok
14:24:31.0718 1940  Monfilt         (c7d9f9717916b34c1b00dd4834af485c) D:\windows\system32\drivers\Monfilt.sys
14:24:31.0828 1940  Monfilt - ok
14:24:31.0875 1940  Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) D:\windows\system32\DRIVERS\mouclass.sys
14:24:32.0015 1940  Mouclass - ok
14:24:32.0031 1940  mouhid          (b1c303e17fb9d46e87a98e4ba6769685) D:\windows\system32\DRIVERS\mouhid.sys
14:24:32.0187 1940  mouhid - ok
14:24:32.0203 1940  MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) D:\windows\system32\drivers\MountMgr.sys
14:24:32.0312 1940  MountMgr - ok
14:24:32.0390 1940  MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:24:32.0421 1940  MozillaMaintenance - ok
14:24:32.0500 1940  MREMP50         (9bd4dcb5412921864a7aacdedfbd1923) D:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:24:32.0531 1940  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
14:24:32.0531 1940  MREMP50 - detected UnsignedFile.Multi.Generic (1)
14:24:32.0531 1940  MREMPR5 - ok
14:24:32.0531 1940  MRENDIS5 - ok
14:24:32.0562 1940  MRESP50         (07c02c892e8e1a72d6bf35004f0e9c5e) D:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:24:32.0593 1940  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
14:24:32.0593 1940  MRESP50 - detected UnsignedFile.Multi.Generic (1)
14:24:32.0609 1940  MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) D:\windows\system32\DRIVERS\mrxdav.sys
14:24:32.0765 1940  MRxDAV - ok
14:24:32.0828 1940  MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\windows\system32\DRIVERS\mrxsmb.sys
14:24:32.0890 1940  MRxSmb - ok
14:24:32.0906 1940  MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) D:\WINDOWS\system32\msdtc.exe
14:24:33.0046 1940  MSDTC - ok
14:24:33.0078 1940  Msfs            (c941ea2454ba8350021d774daf0f1027) D:\windows\system32\drivers\Msfs.sys
14:24:33.0218 1940  Msfs - ok
14:24:33.0218 1940  MSIServer - ok
14:24:33.0234 1940  MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) D:\windows\system32\drivers\MSKSSRV.sys
14:24:33.0359 1940  MSKSSRV - ok
14:24:33.0375 1940  MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) D:\windows\system32\drivers\MSPCLOCK.sys
14:24:33.0484 1940  MSPCLOCK - ok
14:24:33.0515 1940  MSPQM           (bad59648ba099da4a17680b39730cb3d) D:\windows\system32\drivers\MSPQM.sys
14:24:33.0640 1940  MSPQM - ok
14:24:33.0671 1940  mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) D:\windows\system32\DRIVERS\mssmbios.sys
14:24:33.0796 1940  mssmbios - ok
14:24:33.0828 1940  Mup             (de6a75f5c270e756c5508d94b6cf68f5) D:\windows\system32\drivers\Mup.sys
14:24:33.0875 1940  Mup - ok
14:24:33.0906 1940  napagent        (0102140028fad045756796e1c685d695) D:\windows\System32\qagentrt.dll
14:24:34.0062 1940  napagent - ok
14:24:34.0093 1940  NDIS            (1df7f42665c94b825322fae71721130d) D:\windows\system32\drivers\NDIS.sys
14:24:34.0218 1940  NDIS - ok
14:24:34.0250 1940  NdisTapi        (0109c4f3850dfbab279542515386ae22) D:\windows\system32\DRIVERS\ndistapi.sys
14:24:34.0281 1940  NdisTapi - ok
14:24:34.0312 1940  Ndisuio         (f927a4434c5028758a842943ef1a3849) D:\windows\system32\DRIVERS\ndisuio.sys
14:24:34.0437 1940  Ndisuio - ok
14:24:34.0453 1940  NdisWan         (edc1531a49c80614b2cfda43ca8659ab) D:\windows\system32\DRIVERS\ndiswan.sys
14:24:34.0625 1940  NdisWan - ok
14:24:34.0656 1940  NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) D:\windows\system32\drivers\NDProxy.sys
14:24:34.0703 1940  NDProxy - ok
14:24:34.0734 1940  Neo_VPN         (78a1eacf8da011715f7e0b3536f9845c) D:\windows\system32\DRIVERS\Neo_0029.sys
14:24:34.0765 1940  Neo_VPN - ok
14:24:34.0781 1940  NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) D:\windows\system32\DRIVERS\netbios.sys
14:24:34.0906 1940  NetBIOS - ok
14:24:34.0953 1940  NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) D:\windows\system32\DRIVERS\netbt.sys
14:24:35.0078 1940  NetBT - ok
14:24:35.0109 1940  NetDDE          (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
14:24:35.0250 1940  NetDDE - ok
14:24:35.0250 1940  NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
14:24:35.0375 1940  NetDDEdsdm - ok
14:24:35.0406 1940  Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
14:24:35.0531 1940  Netlogon - ok
14:24:35.0578 1940  Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) D:\windows\System32\netman.dll
14:24:35.0765 1940  Netman - ok
14:24:35.0859 1940  NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:24:35.0875 1940  NetTcpPortSharing - ok
14:24:35.0921 1940  Nla             (943337d786a56729263071623bbb9de5) D:\windows\System32\mswsock.dll
14:24:35.0953 1940  Nla - ok
14:24:35.0968 1940  Npfs            (3182d64ae053d6fb034f44b6def8034a) D:\windows\system32\drivers\Npfs.sys
14:24:36.0109 1940  Npfs - ok
14:24:36.0171 1940  Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) D:\windows\system32\drivers\Ntfs.sys
14:24:36.0296 1940  Ntfs - ok
14:24:36.0296 1940  NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
14:24:36.0406 1940  NtLmSsp - ok
14:24:36.0468 1940  NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) D:\windows\system32\ntmssvc.dll
14:24:36.0609 1940  NtmsSvc - ok
14:24:36.0656 1940  NuidFltr        (cf7e041663119e09d2e118521ada9300) D:\windows\system32\DRIVERS\NuidFltr.sys
14:24:36.0671 1940  NuidFltr - ok
14:24:36.0703 1940  Null            (73c1e1f395918bc2c6dd67af7591a3ad) D:\windows\system32\drivers\Null.sys
14:24:36.0812 1940  Null - ok
14:24:36.0812 1940  NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) D:\windows\system32\DRIVERS\nwlnkflt.sys
14:24:36.0937 1940  NwlnkFlt - ok
14:24:36.0937 1940  NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) D:\windows\system32\DRIVERS\nwlnkfwd.sys
14:24:37.0031 1940  NwlnkFwd - ok
14:24:37.0140 1940  ose             (9d10f99a6712e28f8acd5641e3a7ea6b) D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:24:37.0171 1940  ose - ok
14:24:37.0187 1940  Parport         (5575faf8f97ce5e713d108c2a58d7c7c) D:\windows\system32\DRIVERS\parport.sys
14:24:37.0312 1940  Parport - ok
14:24:37.0328 1940  PartMgr         (beb3ba25197665d82ec7065b724171c6) D:\windows\system32\drivers\PartMgr.sys
14:24:37.0468 1940  PartMgr - ok
14:24:37.0484 1940  ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) D:\windows\system32\drivers\ParVdm.sys
14:24:37.0593 1940  ParVdm - ok
14:24:37.0640 1940  PCI             (a219903ccf74233761d92bef471a07b1) D:\windows\system32\DRIVERS\pci.sys
14:24:37.0750 1940  PCI - ok
14:24:37.0765 1940  PCIDump - ok
14:24:37.0781 1940  PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) D:\windows\system32\DRIVERS\pciide.sys
14:24:37.0890 1940  PCIIde - ok
14:24:37.0906 1940  Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\windows\system32\drivers\Pcmcia.sys
14:24:38.0015 1940  Pcmcia - ok
14:24:38.0015 1940  PDCOMP - ok
14:24:38.0031 1940  PDFRAME - ok
14:24:38.0031 1940  PDRELI - ok
14:24:38.0031 1940  PDRFRAME - ok
14:24:38.0078 1940  PlugPlay        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
14:24:38.0093 1940  PlugPlay - ok
14:24:38.0109 1940  PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
14:24:38.0203 1940  PolicyAgent - ok
14:24:38.0234 1940  PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\windows\system32\DRIVERS\raspptp.sys
14:24:38.0390 1940  PptpMiniport - ok
14:24:38.0406 1940  Processor       (a32bebaf723557681bfc6bd93e98bd26) D:\windows\system32\DRIVERS\processr.sys
14:24:38.0515 1940  Processor - ok
14:24:38.0515 1940  ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
14:24:38.0640 1940  ProtectedStorage - ok
14:24:38.0656 1940  PSched          (09298ec810b07e5d582cb3a3f9255424) D:\windows\system32\DRIVERS\psched.sys
14:24:38.0796 1940  PSched - ok
14:24:38.0812 1940  Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\windows\system32\DRIVERS\ptilink.sys
14:24:38.0937 1940  Ptilink - ok
14:24:38.0937 1940  RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) D:\windows\system32\DRIVERS\rasacd.sys
14:24:39.0031 1940  RasAcd - ok
14:24:39.0062 1940  RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) D:\windows\System32\rasauto.dll
14:24:39.0187 1940  RasAuto - ok
14:24:39.0203 1940  Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) D:\windows\system32\DRIVERS\rasl2tp.sys
14:24:39.0296 1940  Rasl2tp - ok
14:24:39.0328 1940  RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) D:\windows\System32\rasmans.dll
14:24:39.0468 1940  RasMan - ok
14:24:39.0484 1940  RasPppoe        (5bc962f2654137c9909c3d4603587dee) D:\windows\system32\DRIVERS\raspppoe.sys
14:24:39.0593 1940  RasPppoe - ok
14:24:39.0593 1940  Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) D:\windows\system32\DRIVERS\raspti.sys
14:24:39.0718 1940  Raspti - ok
14:24:39.0750 1940  Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) D:\windows\system32\DRIVERS\rdbss.sys
14:24:39.0890 1940  Rdbss - ok
14:24:39.0890 1940  RDPCDD          (4912d5b403614ce99c28420f75353332) D:\windows\system32\DRIVERS\RDPCDD.sys
14:24:40.0000 1940  RDPCDD - ok
14:24:40.0046 1940  RDPWD           (6589db6e5969f8eee594cf71171c5028) D:\windows\system32\drivers\RDPWD.sys
14:24:40.0125 1940  RDPWD - ok
14:24:40.0171 1940  RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) D:\WINDOWS\system32\sessmgr.exe
14:24:40.0296 1940  RDSessMgr - ok
14:24:40.0328 1940  redbook         (f828dd7e1419b6653894a8f97a0094c5) D:\windows\system32\DRIVERS\redbook.sys
14:24:40.0453 1940  redbook - ok
14:24:40.0484 1940  RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) D:\windows\System32\mprdim.dll
14:24:40.0609 1940  RemoteAccess - ok
14:24:40.0640 1940  RpcLocator      (aaed593f84afa419bbae8572af87cf6a) D:\windows\system32\locator.exe
14:24:40.0781 1940  RpcLocator - ok
14:24:40.0828 1940  RpcSs           (6b27a5c03dfb94b4245739065431322c) D:\windows\system32\rpcss.dll
14:24:40.0875 1940  RpcSs - ok
14:24:40.0906 1940  RSVP            (471b3f9741d762abe75e9deea4787e47) D:\windows\system32\rsvp.exe
14:24:41.0046 1940  RSVP - ok
14:24:41.0078 1940  RTLE8023xp      (1323ba3ca4e8d863eb00cd81c0aaf356) D:\windows\system32\DRIVERS\Rtenicxp.sys
14:24:41.0109 1940  RTLE8023xp - ok
14:24:41.0140 1940  SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
14:24:41.0265 1940  SamSs - ok
14:24:41.0281 1940  SCardSvr        (86d007e7a654b9a71d1d7d856b104353) D:\windows\System32\SCardSvr.exe
14:24:41.0421 1940  SCardSvr - ok
14:24:41.0453 1940  Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) D:\windows\system32\schedsvc.dll
14:24:41.0593 1940  Schedule - ok
14:24:41.0625 1940  Secdrv          (90a3935d05b494a5a39d37e71f09a677) D:\windows\system32\DRIVERS\secdrv.sys
14:24:41.0703 1940  Secdrv - ok
14:24:41.0718 1940  seclogon        (cbe612e2bb6a10e3563336191eda1250) D:\windows\System32\seclogon.dll
14:24:41.0843 1940  seclogon - ok
14:24:41.0875 1940  SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) D:\windows\system32\sens.dll
14:24:42.0000 1940  SENS - ok
14:24:42.0031 1940  serenum         (0f29512ccd6bead730039fb4bd2c85ce) D:\windows\system32\DRIVERS\serenum.sys
14:24:42.0156 1940  serenum - ok
14:24:42.0171 1940  Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) D:\windows\system32\DRIVERS\serial.sys
14:24:42.0296 1940  Serial - ok
14:24:42.0328 1940  Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) D:\windows\system32\drivers\Sfloppy.sys
14:24:42.0468 1940  Sfloppy - ok
14:24:42.0515 1940  ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
14:24:42.0546 1940  ShellHWDetection - ok
14:24:42.0546 1940  Simbad - ok
14:24:42.0593 1940  splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\windows\system32\drivers\splitter.sys
14:24:42.0718 1940  splitter - ok
14:24:42.0750 1940  sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\windows\system32\DRIVERS\sr.sys
14:24:42.0812 1940  sr - ok
14:24:42.0843 1940  srservice       (3805df0ac4296a34ba4bf93b346cc378) D:\WINDOWS\system32\srsvc.dll
14:24:42.0921 1940  srservice - ok
14:24:42.0968 1940  Srv             (47ddfc2f003f7f9f0592c6874962a2e7) D:\windows\system32\DRIVERS\srv.sys
14:24:43.0031 1940  Srv - ok
14:24:43.0062 1940  SSDPSRV         (0a5679b3714edab99e357057ee88fca6) D:\windows\System32\ssdpsrv.dll
14:24:43.0140 1940  SSDPSRV - ok
14:24:43.0203 1940  Steam Client Service - ok
14:24:43.0250 1940  stisvc          (8bad69cbac032d4bbacfce0306174c30) D:\windows\system32\wiaservc.dll
14:24:43.0437 1940  stisvc - ok
14:24:43.0468 1940  swenum          (3941d127aef12e93addf6fe6ee027e0f) D:\windows\system32\DRIVERS\swenum.sys
14:24:43.0578 1940  swenum - ok
14:24:43.0625 1940  swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\windows\system32\drivers\swmidi.sys
14:24:43.0734 1940  swmidi - ok
14:24:43.0750 1940  SwPrv - ok
14:24:43.0765 1940  sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) D:\windows\system32\drivers\sysaudio.sys
14:24:43.0875 1940  sysaudio - ok
14:24:43.0906 1940  SysmonLog       (c7abbc59b43274b1109df6b24d617051) D:\windows\system32\smlogsvc.exe
14:24:44.0031 1940  SysmonLog - ok
14:24:44.0062 1940  TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) D:\windows\System32\tapisrv.dll
14:24:44.0187 1940  TapiSrv - ok
14:24:44.0250 1940  Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) D:\windows\system32\DRIVERS\tcpip.sys
14:24:44.0281 1940  Tcpip - ok
14:24:44.0312 1940  TDPIPE          (6471a66807f5e104e4885f5b67349397) D:\windows\system32\drivers\TDPIPE.sys
14:24:44.0437 1940  TDPIPE - ok
14:24:44.0453 1940  TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) D:\windows\system32\drivers\TDTCP.sys
14:24:44.0578 1940  TDTCP - ok
14:24:44.0625 1940  TermDD          (88155247177638048422893737429d9e) D:\windows\system32\DRIVERS\termdd.sys
14:24:44.0734 1940  TermDD - ok
14:24:44.0781 1940  TermService     (ff3477c03be7201c294c35f684b3479f) D:\windows\System32\termsrv.dll
14:24:44.0890 1940  TermService - ok
14:24:44.0921 1940  Themes          (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
14:24:44.0953 1940  Themes - ok
14:24:44.0953 1940  TosIde - ok
14:24:44.0984 1940  TrkWks          (55bca12f7f523d35ca3cb833c725f54e) D:\windows\system32\trkwks.dll
14:24:45.0093 1940  TrkWks - ok
14:24:45.0359 1940  TunngleService  (4a531079746d39026d975d3b02f7e452) D:\Program Files\Tunngle\TnglCtrl.exe
14:24:45.0453 1940  TunngleService - ok
14:24:45.0484 1940  Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\windows\system32\drivers\Udfs.sys
14:24:45.0609 1940  Udfs - ok
14:24:45.0703 1940  UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) D:\windows\system32\wdfmgr.exe
14:24:45.0796 1940  UMWdf - ok
14:24:45.0875 1940  Update          (402ddc88356b1bac0ee3dd1580c76a31) D:\windows\system32\DRIVERS\update.sys
14:24:46.0015 1940  Update - ok
14:24:46.0062 1940  upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) D:\windows\System32\upnphost.dll
14:24:46.0125 1940  upnphost - ok
14:24:46.0140 1940  UPS             (05365fb38fca1e98f7a566aaaf5d1815) D:\windows\System32\ups.exe
14:24:46.0281 1940  UPS - ok
14:24:46.0312 1940  usbccgp         (173f317ce0db8e21322e71b7e60a27e8) D:\windows\system32\DRIVERS\usbccgp.sys
14:24:46.0484 1940  usbccgp - ok
14:24:46.0531 1940  usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\windows\system32\DRIVERS\usbehci.sys
14:24:46.0656 1940  usbehci - ok
14:24:46.0687 1940  usbfilter       (e5b14557793164db879ee56f5b59c3e2) D:\windows\system32\DRIVERS\usbfilter.sys
14:24:46.0703 1940  usbfilter - ok
14:24:46.0734 1940  usbhub          (1ab3cdde553b6e064d2e754efe20285c) D:\windows\system32\DRIVERS\usbhub.sys
14:24:46.0843 1940  usbhub - ok
14:24:46.0875 1940  usbohci         (0daecce65366ea32b162f85f07c6753b) D:\windows\system32\DRIVERS\usbohci.sys
14:24:47.0000 1940  usbohci - ok
14:24:47.0031 1940  USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) D:\windows\system32\DRIVERS\USBSTOR.SYS
14:24:47.0156 1940  USBSTOR - ok
14:24:47.0171 1940  VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) D:\windows\System32\drivers\vga.sys
14:24:47.0281 1940  VgaSave - ok
14:24:47.0296 1940  ViaIde - ok
14:24:47.0328 1940  VolSnap         (4c8fcb5cc53aab716d810740fe59d025) D:\windows\system32\drivers\VolSnap.sys
14:24:47.0453 1940  VolSnap - ok
14:24:47.0796 1940  VSS             (7a9db3a67c333bf0bd42e42b8596854b) D:\windows\System32\vssvc.exe
14:24:47.0890 1940  VSS - ok
14:24:48.0015 1940  W32Time         (54af4b1d5459500ef0937f6d33b1914f) D:\WINDOWS\system32\w32time.dll
14:24:48.0140 1940  W32Time - ok
14:24:48.0234 1940  Wanarp          (e20b95baedb550f32dd489265c1da1f6) D:\windows\system32\DRIVERS\wanarp.sys
14:24:48.0328 1940  Wanarp - ok
14:24:48.0375 1940  Wdf01000        (fd47474bd21794508af449d9d91af6e6) D:\windows\system32\DRIVERS\Wdf01000.sys
14:24:48.0406 1940  Wdf01000 - ok
14:24:48.0421 1940  WDICA - ok
14:24:48.0437 1940  wdmaud          (6768acf64b18196494413695f0c3a00f) D:\windows\system32\drivers\wdmaud.sys
14:24:48.0531 1940  wdmaud - ok
14:24:48.0578 1940  WebClient       (77a354e28153ad2d5e120a5a8687bc06) D:\windows\System32\webclnt.dll
14:24:48.0687 1940  WebClient - ok
14:24:48.0734 1940  winmgmt         (2d0e4ed081963804ccc196a0929275b5) D:\windows\system32\wbem\WMIsvc.dll
14:24:48.0828 1940  winmgmt - ok
14:24:49.0000 1940  wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) d:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:24:49.0109 1940  wlidsvc - ok
14:24:49.0296 1940  WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) D:\windows\system32\MsPMSNSv.dll
14:24:49.0343 1940  WmdmPmSN - ok
14:24:49.0406 1940  WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) D:\windows\system32\DRIVERS\wmiacpi.sys
14:24:49.0500 1940  WmiAcpi - ok
14:24:49.0531 1940  WmiApSrv        (e0673f1106e62a68d2257e376079f821) D:\WINDOWS\system32\wbem\wmiapsrv.exe
14:24:49.0796 1940  WmiApSrv - ok
14:24:49.0953 1940  WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) D:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:24:49.0984 1940  WPFFontCache_v0400 - ok
14:24:50.0015 1940  wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) D:\windows\system32\wuauserv.dll
14:24:50.0125 1940  wuauserv - ok
14:24:50.0187 1940  WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) D:\windows\System32\wzcsvc.dll
14:24:50.0328 1940  WZCSVC - ok
14:24:50.0375 1940  xmlprov         (295d21f14c335b53cb8154e5b1f892b9) D:\windows\System32\xmlprov.dll
14:24:50.0484 1940  xmlprov - ok
14:24:50.0515 1940  MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:24:50.0906 1940  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:24:50.0906 1940  \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:24:50.0906 1940  Boot (0x1200)   (15290f23ca57d4e8bc29020059344879) \Device\Harddisk0\DR0\Partition0
14:24:50.0906 1940  \Device\Harddisk0\DR0\Partition0 - ok
14:24:50.0906 1940  ============================================================
14:24:50.0906 1940  Scan finished
14:24:50.0906 1940  ============================================================
14:24:51.0015 2528  Detected object count: 7
14:24:51.0015 2528  Actual detected object count: 7
14:25:33.0750 2528  AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0750 2528  AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0750 2528  Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0750 2528  Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0750 2528  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0750 2528  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0750 2528  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0750 2528  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0750 2528  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0750 2528  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0765 2528  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:33.0765 2528  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:33.0765 2528  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:25:33.0765 2528  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Sabre2th 0 Newbie Poster · Answer 4 · 2012-07-18T19:06:44+00:00

Hi gerbil, thanks again for the help. Looks like we are getting closer however symptoms remain.
Immediately after TDSSKiller deleted the hd0\DR0 entry Avast was able to find and quarantine an Alureon infected file. Cannot find any further information in avast!.

TDSSKiller

18:54:32.0484 1084  TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:54:34.0484 1084  ============================================================
18:54:34.0484 1084  Current date / time: 2012/07/18 18:54:34.0484
18:54:34.0484 1084  SystemInfo:
18:54:34.0484 1084  
18:54:34.0484 1084  OS Version: 5.1.2600 ServicePack: 3.0
18:54:34.0484 1084  Product type: Workstation
18:54:34.0484 1084  ComputerName: SUFFICIENT
18:54:34.0484 1084  UserName: Sabre2th
18:54:34.0484 1084  Windows directory: D:\windows
18:54:34.0484 1084  System windows directory: D:\windows
18:54:34.0484 1084  Processor architecture: Intel x86
18:54:34.0484 1084  Number of processors: 2
18:54:34.0484 1084  Page size: 0x1000
18:54:34.0484 1084  Boot type: Normal boot
18:54:34.0484 1084  ============================================================
18:54:36.0687 1084  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:54:36.0718 1084  Drive \Device\Harddisk1\DR8 - Size: 0xF0D89000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:36.0718 1084  ============================================================
18:54:36.0718 1084  \Device\Harddisk0\DR0:
18:54:36.0734 1084  MBR partitions:
18:54:36.0734 1084  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
18:54:36.0734 1084  \Device\Harddisk1\DR8:
18:54:36.0734 1084  MBR partitions:
18:54:36.0734 1084  ============================================================
18:54:36.0859 1084  D: <-> \Device\Harddisk0\DR0\Partition0
18:54:36.0875 1084  ============================================================
18:54:36.0875 1084  Initialize success
18:54:36.0875 1084  ============================================================
18:54:47.0062 3900  ============================================================
18:54:47.0062 3900  Scan started
18:54:47.0062 3900  Mode: Manual; 
18:54:47.0062 3900  ============================================================
18:54:47.0390 3900  Aavmker4        (0b27ae82c113d3687024d18459440426) D:\windows\system32\drivers\Aavmker4.sys
18:54:47.0406 3900  Aavmker4 - ok
18:54:47.0406 3900  Abiosdsk - ok
18:54:47.0437 3900  ACPI            (8fd99680a539792a30e97944fdaecf17) D:\windows\system32\DRIVERS\ACPI.sys
18:54:47.0453 3900  ACPI - ok
18:54:47.0484 3900  ACPIEC          (9859c0f6936e723e4892d7141b1327d5) D:\windows\system32\drivers\ACPIEC.sys
18:54:47.0484 3900  ACPIEC - ok
18:54:47.0546 3900  AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) D:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:54:47.0562 3900  AdobeFlashPlayerUpdateSvc - ok
18:54:47.0578 3900  aec             (8bed39e3c35d6a489438b8141717a557) D:\windows\system32\drivers\aec.sys
18:54:47.0593 3900  aec - ok
18:54:47.0640 3900  AFD             (1e44bc1e83d8fd2305f8d452db109cf9) D:\windows\System32\drivers\afd.sys
18:54:47.0640 3900  AFD - ok
18:54:47.0687 3900  Alerter         (a9a3daa780ca6c9671a19d52456705b4) D:\windows\system32\alrsvc.dll
18:54:47.0687 3900  Alerter - ok
18:54:47.0703 3900  ALG             (8c515081584a38aa007909cd02020b3d) D:\windows\System32\alg.exe
18:54:47.0703 3900  ALG - ok
18:54:47.0703 3900  AliIde - ok
18:54:47.0812 3900  ALSysIO - ok
18:54:47.0937 3900  Ambfilt         (267fc636801edc5ab28e14036349e3be) D:\windows\system32\drivers\Ambfilt.sys
18:54:47.0984 3900  Ambfilt - ok
18:54:48.0156 3900  AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) D:\windows\system32\DRIVERS\AmdLLD.sys
18:54:48.0156 3900  AmdLLD - ok
18:54:48.0171 3900  AmdPPM          (033448d435e65c4bd72e70521fd05c76) D:\windows\system32\DRIVERS\AmdPPM.sys
18:54:48.0171 3900  AmdPPM - ok
18:54:48.0281 3900  AODDriver       (5bd30b502168013c9ea03a5c2f1c9776) D:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
18:54:48.0312 3900  AODDriver - ok
18:54:48.0421 3900  Apache2.2       (44ceaff41ede4297f30913ddf80d17c1) D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
18:54:48.0421 3900  Apache2.2 - ok
18:54:48.0437 3900  AppleCharger    (75a8b998eb259dd512f01ea25bec7f3b) D:\windows\system32\DRIVERS\AppleCharger.sys
18:54:48.0453 3900  AppleCharger - ok
18:54:48.0468 3900  AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) D:\windows\system32\AppleChargerSrv.exe
18:54:48.0468 3900  AppleChargerSrv - ok
18:54:48.0468 3900  AppMgmt - ok
18:54:48.0578 3900  aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) D:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:54:48.0609 3900  aspnet_state - ok
18:54:48.0640 3900  aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) D:\windows\system32\drivers\aswFsBlk.sys
18:54:48.0640 3900  aswFsBlk - ok
18:54:48.0687 3900  aswMon2         (9e912fe7b41650701ef2b227aca440f3) D:\windows\system32\drivers\aswMon2.sys
18:54:48.0687 3900  aswMon2 - ok
18:54:48.0703 3900  aswRdr          (982e275d1c5801042fe94209fb0160fb) D:\windows\system32\drivers\aswRdr.sys
18:54:48.0703 3900  aswRdr - ok
18:54:48.0781 3900  aswSnx          (73dbcf808e00580f2a47f93dd9b03876) D:\windows\system32\drivers\aswSnx.sys
18:54:48.0812 3900  aswSnx - ok
18:54:48.0843 3900  aswSP           (6cbd7d3a33f498d09c831cdd732da2e0) D:\windows\system32\drivers\aswSP.sys
18:54:48.0859 3900  aswSP - ok
18:54:48.0890 3900  aswTdi          (7109a9aa551f37cd168c02368465957e) D:\windows\system32\drivers\aswTdi.sys
18:54:48.0890 3900  aswTdi - ok
18:54:48.0921 3900  AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) D:\windows\system32\DRIVERS\asyncmac.sys
18:54:48.0921 3900  AsyncMac - ok
18:54:48.0937 3900  atapi           (9f3a2f5aa6875c72bf062c712cfa2674) D:\windows\system32\DRIVERS\atapi.sys
18:54:48.0937 3900  atapi - ok
18:54:48.0937 3900  Atdisk - ok
18:54:49.0000 3900  Ati HotKey Poller (c434b72352fadd9249d5541274021570) D:\windows\system32\Ati2evxx.exe
18:54:49.0031 3900  Ati HotKey Poller - ok
18:54:49.0515 3900  ati2mtag        (b4368b39a18630c3ec8d7f496f76f19b) D:\windows\system32\DRIVERS\ati2mtag.sys
18:54:49.0625 3900  ati2mtag - ok
18:54:49.0796 3900  AtiHDAudioService (bd9ca8136738040d3257363ed12be693) D:\windows\system32\drivers\AtihdXP3.sys
18:54:49.0796 3900  AtiHDAudioService - ok
18:54:49.0843 3900  atksgt          (f9c24d25d9ff29f894995a64812b4d85) D:\windows\system32\DRIVERS\atksgt.sys
18:54:49.0859 3900  atksgt - ok
18:54:49.0890 3900  Atmarpc         (9916c1225104ba14794209cfa8012159) D:\windows\system32\DRIVERS\atmarpc.sys
18:54:49.0890 3900  Atmarpc - ok
18:54:49.0921 3900  AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) D:\windows\System32\audiosrv.dll
18:54:49.0921 3900  AudioSrv - ok
18:54:49.0953 3900  audstub         (d9f724aa26c010a217c97606b160ed68) D:\windows\system32\DRIVERS\audstub.sys
18:54:49.0953 3900  audstub - ok
18:54:50.0015 3900  avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:54:50.0015 3900  avast! Antivirus - ok
18:54:50.0046 3900  Beep            (da1f27d85e0d1525f6621372e7b685e9) D:\windows\system32\drivers\Beep.sys
18:54:50.0046 3900  Beep - ok
18:54:50.0078 3900  BITS            (574738f61fca2935f5265dc4e5691314) D:\windows\system32\qmgr.dll
18:54:50.0125 3900  BITS - ok
18:54:50.0156 3900  Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
18:54:50.0156 3900  Bridge - ok
18:54:50.0156 3900  BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
18:54:50.0156 3900  BridgeMP - ok
18:54:50.0187 3900  Browser         (a06ce3399d16db864f55faeb1f1927a9) D:\windows\System32\browser.dll
18:54:50.0187 3900  Browser - ok
18:54:50.0218 3900  Cdaudio         (c1b486a7658353d33a10cc15211a873b) D:\windows\system32\drivers\Cdaudio.sys
18:54:50.0218 3900  Cdaudio - ok
18:54:50.0234 3900  Cdfs            (c885b02847f5d2fd45a24e219ed93b32) D:\windows\system32\drivers\Cdfs.sys
18:54:50.0234 3900  Cdfs - ok
18:54:50.0265 3900  Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) D:\windows\system32\DRIVERS\cdrom.sys
18:54:50.0265 3900  Cdrom - ok
18:54:50.0281 3900  Changer - ok
18:54:50.0296 3900  CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) D:\windows\system32\cisvc.exe
18:54:50.0296 3900  CiSvc - ok
18:54:50.0343 3900  ClipSrv         (34cbe729f38138217f9c80212a2a0c82) D:\windows\system32\clipsrv.exe
18:54:50.0343 3900  ClipSrv - ok
18:54:50.0421 3900  clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:50.0453 3900  clr_optimization_v2.0.50727_32 - ok
18:54:50.0515 3900  clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) D:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:50.0578 3900  clr_optimization_v4.0.30319_32 - ok
18:54:50.0687 3900  cmdAgent        (907324001ae25ac5959c91eaa34cabae) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:54:50.0765 3900  cmdAgent - ok
18:54:50.0953 3900  cmdGuard        (bee235831f8e3f0baaca18b39d285cf5) D:\windows\system32\DRIVERS\cmdguard.sys
18:54:50.0968 3900  cmdGuard - ok
18:54:50.0984 3900  cmdHlp          (de548946f36cab62fec2e6aa0149a619) D:\windows\system32\DRIVERS\cmdhlp.sys
18:54:50.0984 3900  cmdHlp - ok
18:54:50.0984 3900  CmdIde - ok
18:54:50.0984 3900  COMSysApp - ok
18:54:51.0031 3900  cpuz135         (c2eb4539a4f6ab6edd01bdc191619975) D:\windows\system32\drivers\cpuz135_x32.sys
18:54:51.0031 3900  cpuz135 - ok
18:54:51.0062 3900  CryptSvc        (3d4e199942e29207970e04315d02ad3b) D:\windows\System32\cryptsvc.dll
18:54:51.0062 3900  CryptSvc - ok
18:54:51.0109 3900  DcomLaunch      (6b27a5c03dfb94b4245739065431322c) D:\windows\system32\rpcss.dll
18:54:51.0171 3900  DcomLaunch - ok
18:54:51.0203 3900  Dhcp            (5e38d7684a49cacfb752b046357e0589) D:\windows\System32\dhcpcsvc.dll
18:54:51.0218 3900  Dhcp - ok
18:54:51.0250 3900  Disk            (044452051f3e02e7963599fc8f4f3e25) D:\windows\system32\DRIVERS\disk.sys
18:54:51.0250 3900  Disk - ok
18:54:51.0250 3900  dmadmin - ok
18:54:51.0359 3900  dmboot          (d992fe1274bde0f84ad826acae022a41) D:\windows\system32\drivers\dmboot.sys
18:54:51.0375 3900  dmboot - ok
18:54:51.0406 3900  dmio            (7c824cf7bbde77d95c08005717a95f6f) D:\windows\system32\drivers\dmio.sys
18:54:51.0421 3900  dmio - ok
18:54:51.0453 3900  dmload          (e9317282a63ca4d188c0df5e09c6ac5f) D:\windows\system32\drivers\dmload.sys
18:54:51.0453 3900  dmload - ok
18:54:51.0468 3900  dmserver        (57edec2e5f59f0335e92f35184bc8631) D:\windows\System32\dmserver.dll
18:54:51.0484 3900  dmserver - ok
18:54:51.0500 3900  DMusic          (8a208dfcf89792a484e76c40e5f50b45) D:\windows\system32\drivers\DMusic.sys
18:54:51.0515 3900  DMusic - ok
18:54:51.0546 3900  Dnscache        (5f7e24fa9eab896051ffb87f840730d2) D:\windows\System32\dnsrslvr.dll
18:54:51.0562 3900  Dnscache - ok
18:54:51.0609 3900  Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) D:\windows\System32\dot3svc.dll
18:54:51.0625 3900  Dot3svc - ok
18:54:51.0656 3900  drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) D:\windows\system32\drivers\drmkaud.sys
18:54:51.0656 3900  drmkaud - ok
18:54:51.0703 3900  dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) D:\windows\system32\DRIVERS\dtsoftbus01.sys
18:54:51.0718 3900  dtsoftbus01 - ok
18:54:51.0765 3900  EapHost         (2187855a7703adef0cef9ee4285182cc) D:\windows\System32\eapsvc.dll
18:54:51.0781 3900  EapHost - ok
18:54:51.0812 3900  ERSvc           (bc93b4a066477954555966d77fec9ecb) D:\windows\System32\ersvc.dll
18:54:51.0828 3900  ERSvc - ok
18:54:51.0875 3900  etdrv           (3af0ae042afe486b22644cd3fbebf2e2) D:\windows\etdrv.sys
18:54:51.0875 3900  etdrv - ok
18:54:51.0906 3900  Eventlog        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
18:54:51.0937 3900  Eventlog - ok
18:54:51.0984 3900  EventSystem     (d4991d98f2db73c60d042f1aef79efae) D:\WINDOWS\system32\es.dll
18:54:52.0000 3900  EventSystem - ok
18:54:52.0015 3900  Fastfat         (38d332a6d56af32635675f132548343e) D:\windows\system32\drivers\Fastfat.sys
18:54:52.0031 3900  Fastfat - ok
18:54:52.0062 3900  FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
18:54:52.0125 3900  FastUserSwitchingCompatibility - ok
18:54:52.0156 3900  Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\windows\system32\DRIVERS\fdc.sys
18:54:52.0156 3900  Fdc - ok
18:54:52.0171 3900  Fips            (d45926117eb9fa946a6af572fbe1caa3) D:\windows\system32\drivers\Fips.sys
18:54:52.0171 3900  Fips - ok
18:54:52.0187 3900  Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\windows\system32\DRIVERS\flpydisk.sys
18:54:52.0187 3900  Flpydisk - ok
18:54:52.0218 3900  FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\windows\system32\drivers\fltmgr.sys
18:54:52.0234 3900  FltMgr - ok
18:54:52.0359 3900  FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:54:52.0375 3900  FontCache3.0.0.0 - ok
18:54:52.0406 3900  Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\windows\system32\drivers\Fs_Rec.sys
18:54:52.0406 3900  Fs_Rec - ok
18:54:52.0406 3900  Ftdisk          (6ac26732762483366c3969c9e4d2259d) D:\windows\system32\DRIVERS\ftdisk.sys
18:54:52.0421 3900  Ftdisk - ok
18:54:52.0437 3900  gdrv            (d556cb79967e92b5cc69686d16c1d846) D:\windows\gdrv.sys
18:54:52.0437 3900  gdrv - ok
18:54:52.0468 3900  Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) D:\windows\system32\DRIVERS\msgpc.sys
18:54:52.0468 3900  Gpc - ok
18:54:52.0500 3900  GVTDrv          (689a8eef2a2d62b28a0a578a6196531c) D:\windows\system32\Drivers\GVTDrv.sys
18:54:52.0500 3900  GVTDrv - ok
18:54:52.0531 3900  hamachi         (833051c6c6c42117191935f734cfbd97) D:\windows\system32\DRIVERS\hamachi.sys
18:54:52.0531 3900  hamachi - ok
18:54:52.0703 3900  Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:54:52.0734 3900  Hamachi2Svc - ok
18:54:52.0796 3900  HDAudBus        (573c7d0a32852b48f3058cfd8026f511) D:\windows\system32\DRIVERS\HDAudBus.sys
18:54:52.0796 3900  HDAudBus - ok
18:54:52.0859 3900  helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) D:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:54:52.0859 3900  helpsvc - ok
18:54:52.0890 3900  HidServ         (deb04da35cc871b6d309b77e1443c796) D:\windows\System32\hidserv.dll
18:54:52.0906 3900  HidServ - ok
18:54:52.0937 3900  hidusb          (ccf82c5ec8a7326c3066de870c06daf1) D:\windows\system32\DRIVERS\hidusb.sys
18:54:52.0953 3900  hidusb - ok
18:54:53.0000 3900  hkmsvc          (8878bd685e490239777bfe51320b88e9) D:\windows\System32\kmsvc.dll
18:54:53.0015 3900  hkmsvc - ok
18:54:53.0062 3900  HTTP            (f80a415ef82cd06ffaf0d971528ead38) D:\windows\system32\Drivers\HTTP.sys
18:54:53.0078 3900  HTTP - ok
18:54:53.0125 3900  HTTPFilter      (6100a808600f44d999cebdef8841c7a3) D:\windows\System32\w3ssl.dll
18:54:53.0156 3900  HTTPFilter - ok
18:54:53.0171 3900  i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) D:\windows\system32\DRIVERS\i8042prt.sys
18:54:53.0171 3900  i8042prt - ok
18:54:53.0296 3900  IDriverT        (1cf03c69b49acb70c722df92755c0c8c) D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:54:53.0296 3900  IDriverT - ok
18:54:53.0453 3900  idsvc           (c01ac32dc5c03076cfb852cb5da5229c) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:54:53.0515 3900  idsvc - ok
18:54:53.0531 3900  Imapi           (083a052659f5310dd8b6a6cb05edcf8e) D:\windows\system32\DRIVERS\imapi.sys
18:54:53.0531 3900  Imapi - ok
18:54:53.0578 3900  ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) D:\WINDOWS\system32\imapi.exe
18:54:53.0593 3900  ImapiService - ok
18:54:53.0656 3900  Inspect         (f89849cf13805ef49da64a8a63193af7) D:\windows\system32\DRIVERS\inspect.sys
18:54:53.0671 3900  Inspect - ok
18:54:54.0078 3900  IntcAzAudAddService (7a1d5e631fa803beb2ee85e0774d48e3) D:\windows\system32\drivers\RtkHDAud.sys
18:54:54.0187 3900  IntcAzAudAddService - ok
18:54:54.0343 3900  IntelIde - ok
18:54:54.0375 3900  Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) D:\windows\system32\drivers\ip6fw.sys
18:54:54.0375 3900  Ip6Fw - ok
18:54:54.0390 3900  IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) D:\windows\system32\DRIVERS\ipfltdrv.sys
18:54:54.0406 3900  IpFilterDriver - ok
18:54:54.0421 3900  IpInIp          (b87ab476dcf76e72010632b5550955f5) D:\windows\system32\DRIVERS\ipinip.sys
18:54:54.0437 3900  IpInIp - ok
18:54:54.0453 3900  IpNat           (cc748ea12c6effde940ee98098bf96bb) D:\windows\system32\DRIVERS\ipnat.sys
18:54:54.0468 3900  IpNat - ok
18:54:54.0484 3900  IPSec           (23c74d75e36e7158768dd63d92789a91) D:\windows\system32\DRIVERS\ipsec.sys
18:54:54.0484 3900  IPSec - ok
18:54:54.0500 3900  IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) D:\windows\system32\DRIVERS\irenum.sys
18:54:54.0500 3900  IRENUM - ok
18:54:54.0531 3900  isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) D:\windows\system32\DRIVERS\isapnp.sys
18:54:54.0531 3900  isapnp - ok
18:54:54.0671 3900  JavaQuickStarterService (0a5709543986843d37a92290b7838340) D:\Program Files\Java\jre6\bin\jqs.exe
18:54:54.0687 3900  JavaQuickStarterService - ok
18:54:54.0703 3900  Kbdclass        (463c1ec80cd17420a542b7f36a36f128) D:\windows\system32\DRIVERS\kbdclass.sys
18:54:54.0703 3900  Kbdclass - ok
18:54:54.0703 3900  kbdhid          (9ef487a186dea361aa06913a75b3fa99) D:\windows\system32\DRIVERS\kbdhid.sys
18:54:54.0718 3900  kbdhid - ok
18:54:54.0734 3900  kmixer          (692bcf44383d056aed41b045a323d378) D:\windows\system32\drivers\kmixer.sys
18:54:54.0750 3900  kmixer - ok
18:54:54.0781 3900  KSecDD          (b467646c54cc746128904e1654c750c1) D:\windows\system32\drivers\KSecDD.sys
18:54:54.0796 3900  KSecDD - ok
18:54:54.0828 3900  lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) D:\windows\System32\srvsvc.dll
18:54:54.0843 3900  lanmanserver - ok
18:54:54.0890 3900  lanmanworkstation (a8888a5327621856c0cec4e385f69309) D:\windows\System32\wkssvc.dll
18:54:54.0906 3900  lanmanworkstation - ok
18:54:54.0921 3900  lbrtfdc - ok
18:54:54.0937 3900  lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) D:\windows\system32\DRIVERS\lirsgt.sys
18:54:54.0953 3900  lirsgt - ok
18:54:54.0968 3900  LmHosts         (a7db739ae99a796d91580147e919cc59) D:\windows\System32\lmhsvc.dll
18:54:54.0984 3900  LmHosts - ok
18:54:55.0062 3900  McciCMService   (f8b823414a22dbf3bec10dcaa5f93cd8) D:\Program Files\Common Files\Motive\McciCMService.exe
18:54:55.0078 3900  McciCMService - ok
18:54:55.0109 3900  Messenger       (986b1ff5814366d71e0ac5755c88f2d3) D:\windows\System32\msgsvc.dll
18:54:55.0156 3900  Messenger - ok
18:54:55.0187 3900  Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\windows\system32\drivers\Modem.sys
18:54:55.0187 3900  Modem - ok
18:54:55.0296 3900  Monfilt         (c7d9f9717916b34c1b00dd4834af485c) D:\windows\system32\drivers\Monfilt.sys
18:54:55.0375 3900  Monfilt - ok
18:54:55.0437 3900  Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) D:\windows\system32\DRIVERS\mouclass.sys
18:54:55.0437 3900  Mouclass - ok
18:54:55.0468 3900  mouhid          (b1c303e17fb9d46e87a98e4ba6769685) D:\windows\system32\DRIVERS\mouhid.sys
18:54:55.0468 3900  mouhid - ok
18:54:55.0484 3900  MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) D:\windows\system32\drivers\MountMgr.sys
18:54:55.0500 3900  MountMgr - ok
18:54:55.0593 3900  MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:54:55.0609 3900  MozillaMaintenance - ok
18:54:55.0671 3900  MREMP50         (9bd4dcb5412921864a7aacdedfbd1923) D:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:54:55.0671 3900  MREMP50 - ok
18:54:55.0687 3900  MREMPR5 - ok
18:54:55.0687 3900  MRENDIS5 - ok
18:54:55.0734 3900  MRESP50         (07c02c892e8e1a72d6bf35004f0e9c5e) D:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:54:55.0734 3900  MRESP50 - ok
18:54:55.0765 3900  MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) D:\windows\system32\DRIVERS\mrxdav.sys
18:54:55.0781 3900  MRxDAV - ok
18:54:55.0843 3900  MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\windows\system32\DRIVERS\mrxsmb.sys
18:54:55.0859 3900  MRxSmb - ok
18:54:55.0890 3900  MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) D:\WINDOWS\system32\msdtc.exe
18:54:55.0906 3900  MSDTC - ok
18:54:55.0953 3900  Msfs            (c941ea2454ba8350021d774daf0f1027) D:\windows\system32\drivers\Msfs.sys
18:54:55.0953 3900  Msfs - ok
18:54:55.0953 3900  MSIServer - ok
18:54:55.0968 3900  MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) D:\windows\system32\drivers\MSKSSRV.sys
18:54:55.0968 3900  MSKSSRV - ok
18:54:55.0984 3900  MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) D:\windows\system32\drivers\MSPCLOCK.sys
18:54:55.0984 3900  MSPCLOCK - ok
18:54:56.0015 3900  MSPQM           (bad59648ba099da4a17680b39730cb3d) D:\windows\system32\drivers\MSPQM.sys
18:54:56.0015 3900  MSPQM - ok
18:54:56.0046 3900  mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) D:\windows\system32\DRIVERS\mssmbios.sys
18:54:56.0046 3900  mssmbios - ok
18:54:56.0093 3900  Mup             (de6a75f5c270e756c5508d94b6cf68f5) D:\windows\system32\drivers\Mup.sys
18:54:56.0093 3900  Mup - ok
18:54:56.0140 3900  napagent        (0102140028fad045756796e1c685d695) D:\windows\System32\qagentrt.dll
18:54:56.0171 3900  napagent - ok
18:54:56.0218 3900  NDIS            (1df7f42665c94b825322fae71721130d) D:\windows\system32\drivers\NDIS.sys
18:54:56.0265 3900  NDIS - ok
18:54:56.0312 3900  NdisTapi        (0109c4f3850dfbab279542515386ae22) D:\windows\system32\DRIVERS\ndistapi.sys
18:54:56.0312 3900  NdisTapi - ok
18:54:56.0343 3900  Ndisuio         (f927a4434c5028758a842943ef1a3849) D:\windows\system32\DRIVERS\ndisuio.sys
18:54:56.0343 3900  Ndisuio - ok
18:54:56.0359 3900  NdisWan         (edc1531a49c80614b2cfda43ca8659ab) D:\windows\system32\DRIVERS\ndiswan.sys
18:54:56.0375 3900  NdisWan - ok
18:54:56.0406 3900  NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) D:\windows\system32\drivers\NDProxy.sys
18:54:56.0406 3900  NDProxy - ok
18:54:56.0437 3900  Neo_VPN         (78a1eacf8da011715f7e0b3536f9845c) D:\windows\system32\DRIVERS\Neo_0029.sys
18:54:56.0437 3900  Neo_VPN - ok
18:54:56.0453 3900  NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) D:\windows\system32\DRIVERS\netbios.sys
18:54:56.0468 3900  NetBIOS - ok
18:54:56.0500 3900  NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) D:\windows\system32\DRIVERS\netbt.sys
18:54:56.0515 3900  NetBT - ok
18:54:56.0562 3900  NetDDE          (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
18:54:56.0578 3900  NetDDE - ok
18:54:56.0578 3900  NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
18:54:56.0593 3900  NetDDEdsdm - ok
18:54:56.0609 3900  Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:54:56.0625 3900  Netlogon - ok
18:54:56.0656 3900  Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) D:\windows\System32\netman.dll
18:54:56.0671 3900  Netman - ok
18:54:56.0781 3900  NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:54:56.0796 3900  NetTcpPortSharing - ok
18:54:56.0828 3900  Nla             (943337d786a56729263071623bbb9de5) D:\windows\System32\mswsock.dll
18:54:56.0843 3900  Nla - ok
18:54:56.0859 3900  Npfs            (3182d64ae053d6fb034f44b6def8034a) D:\windows\system32\drivers\Npfs.sys
18:54:56.0875 3900  Npfs - ok
18:54:56.0937 3900  Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) D:\windows\system32\drivers\Ntfs.sys
18:54:56.0953 3900  Ntfs - ok
18:54:56.0953 3900  NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:54:56.0968 3900  NtLmSsp - ok
18:54:57.0031 3900  NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) D:\windows\system32\ntmssvc.dll
18:54:57.0046 3900  NtmsSvc - ok
18:54:57.0093 3900  NuidFltr        (cf7e041663119e09d2e118521ada9300) D:\windows\system32\DRIVERS\NuidFltr.sys
18:54:57.0093 3900  NuidFltr - ok
18:54:57.0125 3900  Null            (73c1e1f395918bc2c6dd67af7591a3ad) D:\windows\system32\drivers\Null.sys
18:54:57.0125 3900  Null - ok
18:54:57.0125 3900  NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) D:\windows\system32\DRIVERS\nwlnkflt.sys
18:54:57.0125 3900  NwlnkFlt - ok
18:54:57.0140 3900  NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) D:\windows\system32\DRIVERS\nwlnkfwd.sys
18:54:57.0140 3900  NwlnkFwd - ok
18:54:57.0250 3900  ose             (9d10f99a6712e28f8acd5641e3a7ea6b) D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:54:57.0250 3900  ose - ok
18:54:57.0312 3900  Parport         (5575faf8f97ce5e713d108c2a58d7c7c) D:\windows\system32\DRIVERS\parport.sys
18:54:57.0328 3900  Parport - ok
18:54:57.0343 3900  PartMgr         (beb3ba25197665d82ec7065b724171c6) D:\windows\system32\drivers\PartMgr.sys
18:54:57.0343 3900  PartMgr - ok
18:54:57.0359 3900  ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) D:\windows\system32\drivers\ParVdm.sys
18:54:57.0359 3900  ParVdm - ok
18:54:57.0390 3900  PCI             (a219903ccf74233761d92bef471a07b1) D:\windows\system32\DRIVERS\pci.sys
18:54:57.0406 3900  PCI - ok
18:54:57.0406 3900  PCIDump - ok
18:54:57.0437 3900  PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) D:\windows\system32\DRIVERS\pciide.sys
18:54:57.0437 3900  PCIIde - ok
18:54:57.0468 3900  Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\windows\system32\drivers\Pcmcia.sys
18:54:57.0468 3900  Pcmcia - ok
18:54:57.0484 3900  PDCOMP - ok
18:54:57.0484 3900  PDFRAME - ok
18:54:57.0484 3900  PDRELI - ok
18:54:57.0500 3900  PDRFRAME - ok
18:54:57.0546 3900  PlugPlay        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
18:54:57.0562 3900  PlugPlay - ok
18:54:57.0578 3900  PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:54:57.0578 3900  PolicyAgent - ok
18:54:57.0609 3900  PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\windows\system32\DRIVERS\raspptp.sys
18:54:57.0609 3900  PptpMiniport - ok
18:54:57.0625 3900  Processor       (a32bebaf723557681bfc6bd93e98bd26) D:\windows\system32\DRIVERS\processr.sys
18:54:57.0640 3900  Processor - ok
18:54:57.0640 3900  ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:54:57.0656 3900  ProtectedStorage - ok
18:54:57.0671 3900  PSched          (09298ec810b07e5d582cb3a3f9255424) D:\windows\system32\DRIVERS\psched.sys
18:54:57.0671 3900  PSched - ok
18:54:57.0703 3900  Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\windows\system32\DRIVERS\ptilink.sys
18:54:57.0703 3900  Ptilink - ok
18:54:57.0703 3900  RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) D:\windows\system32\DRIVERS\rasacd.sys
18:54:57.0718 3900  RasAcd - ok
18:54:57.0750 3900  RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) D:\windows\System32\rasauto.dll
18:54:57.0765 3900  RasAuto - ok
18:54:57.0796 3900  Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) D:\windows\system32\DRIVERS\rasl2tp.sys
18:54:57.0796 3900  Rasl2tp - ok
18:54:57.0843 3900  RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) D:\windows\System32\rasmans.dll
18:54:57.0859 3900  RasMan - ok
18:54:57.0875 3900  RasPppoe        (5bc962f2654137c9909c3d4603587dee) D:\windows\system32\DRIVERS\raspppoe.sys
18:54:57.0875 3900  RasPppoe - ok
18:54:57.0875 3900  Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) D:\windows\system32\DRIVERS\raspti.sys
18:54:57.0890 3900  Raspti - ok
18:54:57.0906 3900  Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) D:\windows\system32\DRIVERS\rdbss.sys
18:54:57.0921 3900  Rdbss - ok
18:54:57.0921 3900  RDPCDD          (4912d5b403614ce99c28420f75353332) D:\windows\system32\DRIVERS\RDPCDD.sys
18:54:57.0937 3900  RDPCDD - ok
18:54:57.0984 3900  RDPWD           (6589db6e5969f8eee594cf71171c5028) D:\windows\system32\drivers\RDPWD.sys
18:54:58.0000 3900  RDPWD - ok
18:54:58.0046 3900  RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) D:\WINDOWS\system32\sessmgr.exe
18:54:58.0078 3900  RDSessMgr - ok
18:54:58.0109 3900  redbook         (f828dd7e1419b6653894a8f97a0094c5) D:\windows\system32\DRIVERS\redbook.sys
18:54:58.0109 3900  redbook - ok
18:54:58.0156 3900  RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) D:\windows\System32\mprdim.dll
18:54:58.0171 3900  RemoteAccess - ok
18:54:58.0203 3900  RpcLocator      (aaed593f84afa419bbae8572af87cf6a) D:\windows\system32\locator.exe
18:54:58.0250 3900  RpcLocator - ok
18:54:58.0296 3900  RpcSs           (6b27a5c03dfb94b4245739065431322c) D:\windows\system32\rpcss.dll
18:54:58.0312 3900  RpcSs - ok
18:54:58.0343 3900  RSVP            (471b3f9741d762abe75e9deea4787e47) D:\windows\system32\rsvp.exe
18:54:58.0359 3900  RSVP - ok
18:54:58.0406 3900  RTLE8023xp      (1323ba3ca4e8d863eb00cd81c0aaf356) D:\windows\system32\DRIVERS\Rtenicxp.sys
18:54:58.0406 3900  RTLE8023xp - ok
18:54:58.0437 3900  SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:54:58.0453 3900  SamSs - ok
18:54:58.0468 3900  SCardSvr        (86d007e7a654b9a71d1d7d856b104353) D:\windows\System32\SCardSvr.exe
18:54:58.0468 3900  SCardSvr - ok
18:54:58.0515 3900  Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) D:\windows\system32\schedsvc.dll
18:54:58.0531 3900  Schedule - ok
18:54:58.0562 3900  Secdrv          (90a3935d05b494a5a39d37e71f09a677) D:\windows\system32\DRIVERS\secdrv.sys
18:54:58.0562 3900  Secdrv - ok
18:54:58.0593 3900  seclogon        (cbe612e2bb6a10e3563336191eda1250) D:\windows\System32\seclogon.dll
18:54:58.0609 3900  seclogon - ok
18:54:58.0625 3900  SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) D:\windows\system32\sens.dll
18:54:58.0640 3900  SENS - ok
18:54:58.0656 3900  serenum         (0f29512ccd6bead730039fb4bd2c85ce) D:\windows\system32\DRIVERS\serenum.sys
18:54:58.0656 3900  serenum - ok
18:54:58.0671 3900  Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) D:\windows\system32\DRIVERS\serial.sys
18:54:58.0671 3900  Serial - ok
18:54:58.0687 3900  Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) D:\windows\system32\drivers\Sfloppy.sys
18:54:58.0687 3900  Sfloppy - ok
18:54:58.0734 3900  ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
18:54:58.0734 3900  ShellHWDetection - ok
18:54:58.0734 3900  Simbad - ok
18:54:58.0765 3900  splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\windows\system32\drivers\splitter.sys
18:54:58.0781 3900  splitter - ok
18:54:58.0812 3900  sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\windows\system32\DRIVERS\sr.sys
18:54:58.0812 3900  sr - ok
18:54:58.0843 3900  srservice       (3805df0ac4296a34ba4bf93b346cc378) D:\WINDOWS\system32\srsvc.dll
18:54:58.0859 3900  srservice - ok
18:54:58.0906 3900  Srv             (47ddfc2f003f7f9f0592c6874962a2e7) D:\windows\system32\DRIVERS\srv.sys
18:54:58.0906 3900  Srv - ok
18:54:58.0937 3900  SSDPSRV         (0a5679b3714edab99e357057ee88fca6) D:\windows\System32\ssdpsrv.dll
18:54:58.0953 3900  SSDPSRV - ok
18:54:59.0015 3900  Steam Client Service - ok
18:54:59.0046 3900  stisvc          (8bad69cbac032d4bbacfce0306174c30) D:\windows\system32\wiaservc.dll
18:54:59.0062 3900  stisvc - ok
18:54:59.0109 3900  swenum          (3941d127aef12e93addf6fe6ee027e0f) D:\windows\system32\DRIVERS\swenum.sys
18:54:59.0109 3900  swenum - ok
18:54:59.0125 3900  swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\windows\system32\drivers\swmidi.sys
18:54:59.0125 3900  swmidi - ok
18:54:59.0125 3900  SwPrv - ok
18:54:59.0140 3900  sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) D:\windows\system32\drivers\sysaudio.sys
18:54:59.0140 3900  sysaudio - ok
18:54:59.0171 3900  SysmonLog       (c7abbc59b43274b1109df6b24d617051) D:\windows\system32\smlogsvc.exe
18:54:59.0187 3900  SysmonLog - ok
18:54:59.0203 3900  TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) D:\windows\System32\tapisrv.dll
18:54:59.0250 3900  TapiSrv - ok
18:54:59.0296 3900  Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) D:\windows\system32\DRIVERS\tcpip.sys
18:54:59.0312 3900  Tcpip - ok
18:54:59.0343 3900  TDPIPE          (6471a66807f5e104e4885f5b67349397) D:\windows\system32\drivers\TDPIPE.sys
18:54:59.0343 3900  TDPIPE - ok
18:54:59.0343 3900  TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) D:\windows\system32\drivers\TDTCP.sys
18:54:59.0359 3900  TDTCP - ok
18:54:59.0359 3900  TermDD          (88155247177638048422893737429d9e) D:\windows\system32\DRIVERS\termdd.sys
18:54:59.0359 3900  TermDD - ok
18:54:59.0406 3900  TermService     (ff3477c03be7201c294c35f684b3479f) D:\windows\System32\termsrv.dll
18:54:59.0437 3900  TermService - ok
18:54:59.0484 3900  Themes          (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
18:54:59.0484 3900  Themes - ok
18:54:59.0484 3900  TosIde - ok
18:54:59.0531 3900  TrkWks          (55bca12f7f523d35ca3cb833c725f54e) D:\windows\system32\trkwks.dll
18:54:59.0546 3900  TrkWks - ok
18:54:59.0671 3900  TunngleService  (4a531079746d39026d975d3b02f7e452) D:\Program Files\Tunngle\TnglCtrl.exe
18:54:59.0703 3900  TunngleService - ok
18:54:59.0718 3900  Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\windows\system32\drivers\Udfs.sys
18:54:59.0734 3900  Udfs - ok
18:54:59.0796 3900  UMWdf           (ab0a7ca90d9e3d6a193905dc1715ded0) D:\windows\system32\wdfmgr.exe
18:54:59.0812 3900  UMWdf - ok
18:54:59.0875 3900  Update          (402ddc88356b1bac0ee3dd1580c76a31) D:\windows\system32\DRIVERS\update.sys
18:54:59.0890 3900  Update - ok
18:54:59.0937 3900  upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) D:\windows\System32\upnphost.dll
18:54:59.0953 3900  upnphost - ok
18:54:59.0984 3900  UPS             (05365fb38fca1e98f7a566aaaf5d1815) D:\windows\System32\ups.exe
18:55:00.0015 3900  UPS - ok
18:55:00.0046 3900  usbccgp         (173f317ce0db8e21322e71b7e60a27e8) D:\windows\system32\DRIVERS\usbccgp.sys
18:55:00.0046 3900  usbccgp - ok
18:55:00.0078 3900  usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\windows\system32\DRIVERS\usbehci.sys
18:55:00.0093 3900  usbehci - ok
18:55:00.0125 3900  usbfilter       (e5b14557793164db879ee56f5b59c3e2) D:\windows\system32\DRIVERS\usbfilter.sys
18:55:00.0125 3900  usbfilter - ok
18:55:00.0156 3900  usbhub          (1ab3cdde553b6e064d2e754efe20285c) D:\windows\system32\DRIVERS\usbhub.sys
18:55:00.0171 3900  usbhub - ok
18:55:00.0218 3900  usbohci         (0daecce65366ea32b162f85f07c6753b) D:\windows\system32\DRIVERS\usbohci.sys
18:55:00.0218 3900  usbohci - ok
18:55:00.0265 3900  USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) D:\windows\system32\DRIVERS\USBSTOR.SYS
18:55:00.0265 3900  USBSTOR - ok
18:55:00.0281 3900  VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) D:\windows\System32\drivers\vga.sys
18:55:00.0281 3900  VgaSave - ok
18:55:00.0296 3900  ViaIde - ok
18:55:00.0328 3900  VolSnap         (4c8fcb5cc53aab716d810740fe59d025) D:\windows\system32\drivers\VolSnap.sys
18:55:00.0328 3900  VolSnap - ok
18:55:00.0375 3900  VSS             (7a9db3a67c333bf0bd42e42b8596854b) D:\windows\System32\vssvc.exe
18:55:00.0421 3900  VSS - ok
18:55:00.0515 3900  W32Time         (54af4b1d5459500ef0937f6d33b1914f) D:\WINDOWS\system32\w32time.dll
18:55:00.0578 3900  W32Time - ok
18:55:00.0609 3900  Wanarp          (e20b95baedb550f32dd489265c1da1f6) D:\windows\system32\DRIVERS\wanarp.sys
18:55:00.0609 3900  Wanarp - ok
18:55:00.0656 3900  Wdf01000        (fd47474bd21794508af449d9d91af6e6) D:\windows\system32\DRIVERS\Wdf01000.sys
18:55:00.0687 3900  Wdf01000 - ok
18:55:00.0687 3900  WDICA - ok
18:55:00.0703 3900  wdmaud          (6768acf64b18196494413695f0c3a00f) D:\windows\system32\drivers\wdmaud.sys
18:55:00.0718 3900  wdmaud - ok
18:55:00.0750 3900  WebClient       (77a354e28153ad2d5e120a5a8687bc06) D:\windows\System32\webclnt.dll
18:55:00.0765 3900  WebClient - ok
18:55:00.0828 3900  winmgmt         (2d0e4ed081963804ccc196a0929275b5) D:\windows\system32\wbem\WMIsvc.dll
18:55:00.0843 3900  winmgmt - ok
18:55:01.0062 3900  wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) d:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:55:01.0109 3900  wlidsvc - ok
18:55:01.0312 3900  WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) D:\windows\system32\MsPMSNSv.dll
18:55:01.0328 3900  WmdmPmSN - ok
18:55:01.0406 3900  WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) D:\windows\system32\DRIVERS\wmiacpi.sys
18:55:01.0421 3900  WmiAcpi - ok
18:55:01.0484 3900  WmiApSrv        (e0673f1106e62a68d2257e376079f821) D:\WINDOWS\system32\wbem\wmiapsrv.exe
18:55:01.0500 3900  WmiApSrv - ok
18:55:01.0656 3900  WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) D:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:55:01.0687 3900  WPFFontCache_v0400 - ok
18:55:01.0718 3900  wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) D:\windows\system32\wuauserv.dll
18:55:01.0750 3900  wuauserv - ok
18:55:01.0796 3900  WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) D:\windows\System32\wzcsvc.dll
18:55:01.0859 3900  WZCSVC - ok
18:55:01.0906 3900  xmlprov         (295d21f14c335b53cb8154e5b1f892b9) D:\windows\System32\xmlprov.dll
18:55:01.0921 3900  xmlprov - ok
18:55:01.0953 3900  MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:55:02.0437 3900  \Device\Harddisk0\DR0 - ok
18:55:02.0437 3900  MBR (0x1B8)     (197fce9295e9a3ec406a03e335785ecb) \Device\Harddisk1\DR8
18:55:02.0453 3900  \Device\Harddisk1\DR8 - ok
18:55:02.0453 3900  Boot (0x1200)   (15290f23ca57d4e8bc29020059344879) \Device\Harddisk0\DR0\Partition0
18:55:02.0453 3900  \Device\Harddisk0\DR0\Partition0 - ok
18:55:02.0453 3900  ============================================================
18:55:02.0453 3900  Scan finished
18:55:02.0453 3900  ============================================================
18:55:02.0468 3316  Detected object count: 0
18:55:02.0468 3316  Actual detected object count: 0
18:55:19.0343 3924  ============================================================
18:55:19.0359 3924  Scan started
18:55:19.0359 3924  Mode: Manual; SigCheck; TDLFS; 
18:55:19.0359 3924  ============================================================
18:55:19.0531 3924  Aavmker4        (0b27ae82c113d3687024d18459440426) D:\windows\system32\drivers\Aavmker4.sys
18:55:19.0843 3924  Aavmker4 - ok
18:55:19.0843 3924  Abiosdsk - ok
18:55:19.0875 3924  ACPI            (8fd99680a539792a30e97944fdaecf17) D:\windows\system32\DRIVERS\ACPI.sys
18:55:20.0968 3924  ACPI - ok
18:55:21.0000 3924  ACPIEC          (9859c0f6936e723e4892d7141b1327d5) D:\windows\system32\drivers\ACPIEC.sys
18:55:21.0125 3924  ACPIEC - ok
18:55:21.0187 3924  AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) D:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:55:21.0203 3924  AdobeFlashPlayerUpdateSvc - ok
18:55:21.0218 3924  aec             (8bed39e3c35d6a489438b8141717a557) D:\windows\system32\drivers\aec.sys
18:55:21.0343 3924  aec - ok
18:55:21.0390 3924  AFD             (1e44bc1e83d8fd2305f8d452db109cf9) D:\windows\System32\drivers\afd.sys
18:55:21.0453 3924  AFD - ok
18:55:21.0484 3924  Alerter         (a9a3daa780ca6c9671a19d52456705b4) D:\windows\system32\alrsvc.dll
18:55:21.0625 3924  Alerter - ok
18:55:21.0656 3924  ALG             (8c515081584a38aa007909cd02020b3d) D:\windows\System32\alg.exe
18:55:21.0734 3924  ALG - ok
18:55:21.0750 3924  AliIde - ok
18:55:21.0828 3924  ALSysIO - ok
18:55:21.0937 3924  Ambfilt         (267fc636801edc5ab28e14036349e3be) D:\windows\system32\drivers\Ambfilt.sys
18:55:22.0046 3924  Ambfilt - ok
18:55:22.0203 3924  AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) D:\windows\system32\DRIVERS\AmdLLD.sys
18:55:22.0265 3924  AmdLLD - ok
18:55:22.0281 3924  AmdPPM          (033448d435e65c4bd72e70521fd05c76) D:\windows\system32\DRIVERS\AmdPPM.sys
18:55:22.0343 3924  AmdPPM - ok
18:55:22.0437 3924  AODDriver       (5bd30b502168013c9ea03a5c2f1c9776) D:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
18:55:22.0453 3924  AODDriver ( UnsignedFile.Multi.Generic ) - warning
18:55:22.0453 3924  AODDriver - detected UnsignedFile.Multi.Generic (1)
18:55:22.0546 3924  Apache2.2       (44ceaff41ede4297f30913ddf80d17c1) D:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
18:55:22.0562 3924  Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
18:55:22.0562 3924  Apache2.2 - detected UnsignedFile.Multi.Generic (1)
18:55:22.0578 3924  AppleCharger    (75a8b998eb259dd512f01ea25bec7f3b) D:\windows\system32\DRIVERS\AppleCharger.sys
18:55:22.0593 3924  AppleCharger - ok
18:55:22.0625 3924  AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) D:\windows\system32\AppleChargerSrv.exe
18:55:22.0640 3924  AppleChargerSrv - ok
18:55:22.0640 3924  AppMgmt - ok
18:55:22.0781 3924  aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) D:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:55:22.0796 3924  aspnet_state - ok
18:55:22.0828 3924  aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) D:\windows\system32\drivers\aswFsBlk.sys
18:55:22.0859 3924  aswFsBlk - ok
18:55:22.0890 3924  aswMon2         (9e912fe7b41650701ef2b227aca440f3) D:\windows\system32\drivers\aswMon2.sys
18:55:22.0921 3924  aswMon2 - ok
18:55:22.0953 3924  aswRdr          (982e275d1c5801042fe94209fb0160fb) D:\windows\system32\drivers\aswRdr.sys
18:55:22.0984 3924  aswRdr - ok
18:55:23.0031 3924  aswSnx          (73dbcf808e00580f2a47f93dd9b03876) D:\windows\system32\drivers\aswSnx.sys
18:55:23.0093 3924  aswSnx - ok
18:55:23.0125 3924  aswSP           (6cbd7d3a33f498d09c831cdd732da2e0) D:\windows\system32\drivers\aswSP.sys
18:55:23.0140 3924  aswSP - ok
18:55:23.0171 3924  aswTdi          (7109a9aa551f37cd168c02368465957e) D:\windows\system32\drivers\aswTdi.sys
18:55:23.0203 3924  aswTdi - ok
18:55:23.0234 3924  AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) D:\windows\system32\DRIVERS\asyncmac.sys
18:55:23.0375 3924  AsyncMac - ok
18:55:23.0390 3924  atapi           (9f3a2f5aa6875c72bf062c712cfa2674) D:\windows\system32\DRIVERS\atapi.sys
18:55:23.0515 3924  atapi - ok
18:55:23.0515 3924  Atdisk - ok
18:55:23.0578 3924  Ati HotKey Poller (c434b72352fadd9249d5541274021570) D:\windows\system32\Ati2evxx.exe
18:55:23.0671 3924  Ati HotKey Poller - ok
18:55:24.0015 3924  ati2mtag        (b4368b39a18630c3ec8d7f496f76f19b) D:\windows\system32\DRIVERS\ati2mtag.sys
18:55:24.0265 3924  ati2mtag - ok
18:55:24.0421 3924  AtiHDAudioService (bd9ca8136738040d3257363ed12be693) D:\windows\system32\drivers\AtihdXP3.sys
18:55:24.0437 3924  AtiHDAudioService - ok
18:55:24.0484 3924  atksgt          (f9c24d25d9ff29f894995a64812b4d85) D:\windows\system32\DRIVERS\atksgt.sys
18:55:24.0500 3924  atksgt - ok
18:55:24.0531 3924  Atmarpc         (9916c1225104ba14794209cfa8012159) D:\windows\system32\DRIVERS\atmarpc.sys
18:55:24.0656 3924  Atmarpc - ok
18:55:24.0703 3924  AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) D:\windows\System32\audiosrv.dll
18:55:24.0906 3924  AudioSrv - ok
18:55:24.0921 3924  audstub         (d9f724aa26c010a217c97606b160ed68) D:\windows\system32\DRIVERS\audstub.sys
18:55:25.0093 3924  audstub - ok
18:55:25.0171 3924  avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:55:25.0187 3924  avast! Antivirus - ok
18:55:25.0218 3924  Beep            (da1f27d85e0d1525f6621372e7b685e9) D:\windows\system32\drivers\Beep.sys
18:55:25.0390 3924  Beep - ok
18:55:25.0421 3924  BITS            (574738f61fca2935f5265dc4e5691314) D:\windows\system32\qmgr.dll
18:55:25.0578 3924  BITS - ok
18:55:25.0625 3924  Bridge          (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
18:55:25.0750 3924  Bridge - ok
18:55:25.0750 3924  BridgeMP        (f934d1b230f84e1d19dd00ac5a7a83ed) D:\windows\system32\DRIVERS\bridge.sys
18:55:25.0796 3924  BridgeMP - ok
18:55:25.0828 3924  Browser         (a06ce3399d16db864f55faeb1f1927a9) D:\windows\System32\browser.dll
18:55:25.0984 3924  Browser - ok
18:55:26.0000 3924  Cdaudio         (c1b486a7658353d33a10cc15211a873b) D:\windows\system32\drivers\Cdaudio.sys
18:55:26.0140 3924  Cdaudio - ok
18:55:26.0156 3924  Cdfs            (c885b02847f5d2fd45a24e219ed93b32) D:\windows\system32\drivers\Cdfs.sys
18:55:26.0312 3924  Cdfs - ok
18:55:26.0328 3924  Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) D:\windows\system32\DRIVERS\cdrom.sys
18:55:26.0484 3924  Cdrom - ok
18:55:26.0484 3924  Changer - ok
18:55:26.0515 3924  CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) D:\windows\system32\cisvc.exe
18:55:26.0609 3924  CiSvc - ok
18:55:26.0656 3924  ClipSrv         (34cbe729f38138217f9c80212a2a0c82) D:\windows\system32\clipsrv.exe
18:55:26.0796 3924  ClipSrv - ok
18:55:26.0875 3924  clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:55:26.0890 3924  clr_optimization_v2.0.50727_32 - ok
18:55:26.0953 3924  clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) D:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:55:26.0968 3924  clr_optimization_v4.0.30319_32 - ok
18:55:27.0109 3924  cmdAgent        (907324001ae25ac5959c91eaa34cabae) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:55:27.0203 3924  cmdAgent - ok
18:55:27.0390 3924  cmdGuard        (bee235831f8e3f0baaca18b39d285cf5) D:\windows\system32\DRIVERS\cmdguard.sys
18:55:27.0406 3924  cmdGuard - ok
18:55:27.0421 3924  cmdHlp          (de548946f36cab62fec2e6aa0149a619) D:\windows\system32\DRIVERS\cmdhlp.sys
18:55:27.0453 3924  cmdHlp - ok
18:55:27.0453 3924  CmdIde - ok
18:55:27.0453 3924  COMSysApp - ok
18:55:27.0500 3924  cpuz135         (c2eb4539a4f6ab6edd01bdc191619975) D:\windows\system32\drivers\cpuz135_x32.sys
18:55:27.0515 3924  cpuz135 - ok
18:55:27.0546 3924  CryptSvc        (3d4e199942e29207970e04315d02ad3b) D:\windows\System32\cryptsvc.dll
18:55:27.0687 3924  CryptSvc - ok
18:55:27.0750 3924  DcomLaunch      (6b27a5c03dfb94b4245739065431322c) D:\windows\system32\rpcss.dll
18:55:27.0843 3924  DcomLaunch - ok
18:55:27.0875 3924  Dhcp            (5e38d7684a49cacfb752b046357e0589) D:\windows\System32\dhcpcsvc.dll
18:55:28.0031 3924  Dhcp - ok
18:55:28.0062 3924  Disk            (044452051f3e02e7963599fc8f4f3e25) D:\windows\system32\DRIVERS\disk.sys
18:55:28.0203 3924  Disk - ok
18:55:28.0203 3924  dmadmin - ok
18:55:28.0265 3924  dmboot          (d992fe1274bde0f84ad826acae022a41) D:\windows\system32\drivers\dmboot.sys
18:55:28.0468 3924  dmboot - ok
18:55:28.0515 3924  dmio            (7c824cf7bbde77d95c08005717a95f6f) D:\windows\system32\drivers\dmio.sys
18:55:28.0671 3924  dmio - ok
18:55:28.0703 3924  dmload          (e9317282a63ca4d188c0df5e09c6ac5f) D:\windows\system32\drivers\dmload.sys
18:55:28.0906 3924  dmload - ok
18:55:28.0937 3924  dmserver        (57edec2e5f59f0335e92f35184bc8631) D:\windows\System32\dmserver.dll
18:55:29.0093 3924  dmserver - ok
18:55:29.0125 3924  DMusic          (8a208dfcf89792a484e76c40e5f50b45) D:\windows\system32\drivers\DMusic.sys
18:55:29.0265 3924  DMusic - ok
18:55:29.0296 3924  Dnscache        (5f7e24fa9eab896051ffb87f840730d2) D:\windows\System32\dnsrslvr.dll
18:55:29.0375 3924  Dnscache - ok
18:55:29.0406 3924  Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) D:\windows\System32\dot3svc.dll
18:55:29.0546 3924  Dot3svc - ok
18:55:29.0593 3924  drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) D:\windows\system32\drivers\drmkaud.sys
18:55:29.0703 3924  drmkaud - ok
18:55:29.0765 3924  dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) D:\windows\system32\DRIVERS\dtsoftbus01.sys
18:55:29.0781 3924  dtsoftbus01 - ok
18:55:29.0812 3924  EapHost         (2187855a7703adef0cef9ee4285182cc) D:\windows\System32\eapsvc.dll
18:55:30.0000 3924  EapHost - ok
18:55:30.0031 3924  ERSvc           (bc93b4a066477954555966d77fec9ecb) D:\windows\System32\ersvc.dll
18:55:30.0156 3924  ERSvc - ok
18:55:30.0171 3924  etdrv           (3af0ae042afe486b22644cd3fbebf2e2) D:\windows\etdrv.sys
18:55:30.0187 3924  etdrv - ok
18:55:30.0218 3924  Eventlog        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
18:55:30.0234 3924  Eventlog - ok
18:55:30.0281 3924  EventSystem     (d4991d98f2db73c60d042f1aef79efae) D:\WINDOWS\system32\es.dll
18:55:30.0359 3924  EventSystem - ok
18:55:30.0390 3924  Fastfat         (38d332a6d56af32635675f132548343e) D:\windows\system32\drivers\Fastfat.sys
18:55:30.0531 3924  Fastfat - ok
18:55:30.0562 3924  FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) D:\windows\System32\shsvcs.dll
18:55:30.0671 3924  FastUserSwitchingCompatibility - ok
18:55:30.0703 3924  Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\windows\system32\DRIVERS\fdc.sys
18:55:30.0875 3924  Fdc - ok
18:55:30.0890 3924  Fips            (d45926117eb9fa946a6af572fbe1caa3) D:\windows\system32\drivers\Fips.sys
18:55:31.0078 3924  Fips - ok
18:55:31.0093 3924  Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\windows\system32\DRIVERS\flpydisk.sys
18:55:31.0218 3924  Flpydisk - ok
18:55:31.0250 3924  FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\windows\system32\drivers\fltmgr.sys
18:55:31.0437 3924  FltMgr - ok
18:55:31.0562 3924  FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:55:31.0578 3924  FontCache3.0.0.0 - ok
18:55:31.0625 3924  Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\windows\system32\drivers\Fs_Rec.sys
18:55:31.0781 3924  Fs_Rec - ok
18:55:31.0796 3924  Ftdisk          (6ac26732762483366c3969c9e4d2259d) D:\windows\system32\DRIVERS\ftdisk.sys
18:55:31.0921 3924  Ftdisk - ok
18:55:31.0937 3924  gdrv            (d556cb79967e92b5cc69686d16c1d846) D:\windows\gdrv.sys
18:55:31.0953 3924  gdrv - ok
18:55:31.0984 3924  Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) D:\windows\system32\DRIVERS\msgpc.sys
18:55:32.0093 3924  Gpc - ok
18:55:32.0125 3924  GVTDrv          (689a8eef2a2d62b28a0a578a6196531c) D:\windows\system32\Drivers\GVTDrv.sys
18:55:32.0140 3924  GVTDrv - ok
18:55:32.0156 3924  hamachi         (833051c6c6c42117191935f734cfbd97) D:\windows\system32\DRIVERS\hamachi.sys
18:55:32.0171 3924  hamachi - ok
18:55:32.0312 3924  Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:55:32.0390 3924  Hamachi2Svc - ok
18:55:32.0437 3924  HDAudBus        (573c7d0a32852b48f3058cfd8026f511) D:\windows\system32\DRIVERS\HDAudBus.sys
18:55:32.0531 3924  HDAudBus - ok
18:55:32.0593 3924  helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) D:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:55:32.0687 3924  helpsvc - ok
18:55:32.0718 3924  HidServ         (deb04da35cc871b6d309b77e1443c796) D:\windows\System32\hidserv.dll
18:55:32.0859 3924  HidServ - ok
18:55:32.0890 3924  hidusb          (ccf82c5ec8a7326c3066de870c06daf1) D:\windows\system32\DRIVERS\hidusb.sys
18:55:33.0000 3924  hidusb - ok
18:55:33.0031 3924  hkmsvc          (8878bd685e490239777bfe51320b88e9) D:\windows\System32\kmsvc.dll
18:55:33.0125 3924  hkmsvc - ok
18:55:33.0171 3924  HTTP            (f80a415ef82cd06ffaf0d971528ead38) D:\windows\system32\Drivers\HTTP.sys
18:55:33.0250 3924  HTTP - ok
18:55:33.0265 3924  HTTPFilter      (6100a808600f44d999cebdef8841c7a3) D:\windows\System32\w3ssl.dll
18:55:33.0375 3924  HTTPFilter - ok
18:55:33.0390 3924  i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) D:\windows\system32\DRIVERS\i8042prt.sys
18:55:33.0500 3924  i8042prt - ok
18:55:33.0593 3924  IDriverT        (1cf03c69b49acb70c722df92755c0c8c) D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:55:33.0656 3924  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:55:33.0656 3924  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:55:33.0796 3924  idsvc           (c01ac32dc5c03076cfb852cb5da5229c) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:55:33.0843 3924  idsvc - ok
18:55:33.0890 3924  Imapi           (083a052659f5310dd8b6a6cb05edcf8e) D:\windows\system32\DRIVERS\imapi.sys
18:55:34.0000 3924  Imapi - ok
18:55:34.0031 3924  ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) D:\WINDOWS\system32\imapi.exe
18:55:34.0328 3924  ImapiService - ok
18:55:34.0390 3924  Inspect         (f89849cf13805ef49da64a8a63193af7) D:\windows\system32\DRIVERS\inspect.sys
18:55:34.0421 3924  Inspect - ok
18:55:34.0828 3924  IntcAzAudAddService (7a1d5e631fa803beb2ee85e0774d48e3) D:\windows\system32\drivers\RtkHDAud.sys
18:55:35.0187 3924  IntcAzAudAddService - ok
18:55:35.0312 3924  IntelIde - ok
18:55:35.0343 3924  Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) D:\windows\system32\drivers\ip6fw.sys
18:55:35.0531 3924  Ip6Fw - ok
18:55:35.0562 3924  IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) D:\windows\system32\DRIVERS\ipfltdrv.sys
18:55:35.0687 3924  IpFilterDriver - ok
18:55:35.0750 3924  IpInIp          (b87ab476dcf76e72010632b5550955f5) D:\windows\system32\DRIVERS\ipinip.sys
18:55:35.0875 3924  IpInIp - ok
18:55:35.0890 3924  IpNat           (cc748ea12c6effde940ee98098bf96bb) D:\windows\system32\DRIVERS\ipnat.sys
18:55:36.0046 3924  IpNat - ok
18:55:36.0062 3924  IPSec           (23c74d75e36e7158768dd63d92789a91) D:\windows\system32\DRIVERS\ipsec.sys
18:55:36.0218 3924  IPSec - ok
18:55:36.0218 3924  IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) D:\windows\system32\DRIVERS\irenum.sys
18:55:36.0281 3924  IRENUM - ok
18:55:36.0312 3924  isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) D:\windows\system32\DRIVERS\isapnp.sys
18:55:36.0468 3924  isapnp - ok
18:55:36.0593 3924  JavaQuickStarterService (0a5709543986843d37a92290b7838340) D:\Program Files\Java\jre6\bin\jqs.exe
18:55:36.0609 3924  JavaQuickStarterService - ok
18:55:36.0640 3924  Kbdclass        (463c1ec80cd17420a542b7f36a36f128) D:\windows\system32\DRIVERS\kbdclass.sys
18:55:36.0750 3924  Kbdclass - ok
18:55:36.0765 3924  kbdhid          (9ef487a186dea361aa06913a75b3fa99) D:\windows\system32\DRIVERS\kbdhid.sys
18:55:36.0906 3924  kbdhid - ok
18:55:36.0921 3924  kmixer          (692bcf44383d056aed41b045a323d378) D:\windows\system32\drivers\kmixer.sys
18:55:37.0062 3924  kmixer - ok
18:55:37.0093 3924  KSecDD          (b467646c54cc746128904e1654c750c1) D:\windows\system32\drivers\KSecDD.sys
18:55:37.0171 3924  KSecDD - ok
18:55:37.0203 3924  lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) D:\windows\System32\srvsvc.dll
18:55:37.0265 3924  lanmanserver - ok
18:55:37.0296 3924  lanmanworkstation (a8888a5327621856c0cec4e385f69309) D:\windows\System32\wkssvc.dll
18:55:37.0343 3924  lanmanworkstation - ok
18:55:37.0359 3924  lbrtfdc - ok
18:55:37.0375 3924  lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) D:\windows\system32\DRIVERS\lirsgt.sys
18:55:37.0390 3924  lirsgt - ok
18:55:37.0421 3924  LmHosts         (a7db739ae99a796d91580147e919cc59) D:\windows\System32\lmhsvc.dll
18:55:37.0562 3924  LmHosts - ok
18:55:37.0625 3924  McciCMService   (f8b823414a22dbf3bec10dcaa5f93cd8) D:\Program Files\Common Files\Motive\McciCMService.exe
18:55:37.0687 3924  McciCMService ( UnsignedFile.Multi.Generic ) - warning
18:55:37.0687 3924  McciCMService - detected UnsignedFile.Multi.Generic (1)
18:55:37.0703 3924  Messenger       (986b1ff5814366d71e0ac5755c88f2d3) D:\windows\System32\msgsvc.dll
18:55:37.0843 3924  Messenger - ok
18:55:37.0875 3924  Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\windows\system32\drivers\Modem.sys
18:55:38.0031 3924  Modem - ok
18:55:38.0140 3924  Monfilt         (c7d9f9717916b34c1b00dd4834af485c) D:\windows\system32\drivers\Monfilt.sys
18:55:38.0203 3924  Monfilt - ok
18:55:38.0250 3924  Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) D:\windows\system32\DRIVERS\mouclass.sys
18:55:38.0390 3924  Mouclass - ok
18:55:38.0406 3924  mouhid          (b1c303e17fb9d46e87a98e4ba6769685) D:\windows\system32\DRIVERS\mouhid.sys
18:55:38.0609 3924  mouhid - ok
18:55:38.0640 3924  MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) D:\windows\system32\drivers\MountMgr.sys
18:55:38.0843 3924  MountMgr - ok
18:55:38.0921 3924  MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:55:38.0953 3924  MozillaMaintenance - ok
18:55:39.0015 3924  MREMP50         (9bd4dcb5412921864a7aacdedfbd1923) D:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:55:39.0046 3924  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
18:55:39.0046 3924  MREMP50 - detected UnsignedFile.Multi.Generic (1)
18:55:39.0046 3924  MREMPR5 - ok
18:55:39.0046 3924  MRENDIS5 - ok
18:55:39.0078 3924  MRESP50         (07c02c892e8e1a72d6bf35004f0e9c5e) D:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:55:39.0125 3924  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
18:55:39.0125 3924  MRESP50 - detected UnsignedFile.Multi.Generic (1)
18:55:39.0156 3924  MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) D:\windows\system32\DRIVERS\mrxdav.sys
18:55:39.0390 3924  MRxDAV - ok
18:55:39.0437 3924  MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\windows\system32\DRIVERS\mrxsmb.sys
18:55:39.0546 3924  MRxSmb - ok
18:55:39.0578 3924  MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) D:\WINDOWS\system32\msdtc.exe
18:55:39.0796 3924  MSDTC - ok
18:55:39.0843 3924  Msfs            (c941ea2454ba8350021d774daf0f1027) D:\windows\system32\drivers\Msfs.sys
18:55:40.0015 3924  Msfs - ok
18:55:40.0031 3924  MSIServer - ok
18:55:40.0046 3924  MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) D:\windows\system32\drivers\MSKSSRV.sys
18:55:40.0156 3924  MSKSSRV - ok
18:55:40.0171 3924  MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) D:\windows\system32\drivers\MSPCLOCK.sys
18:55:40.0296 3924  MSPCLOCK - ok
18:55:40.0312 3924  MSPQM           (bad59648ba099da4a17680b39730cb3d) D:\windows\system32\drivers\MSPQM.sys
18:55:40.0437 3924  MSPQM - ok
18:55:40.0453 3924  mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) D:\windows\system32\DRIVERS\mssmbios.sys
18:55:40.0593 3924  mssmbios - ok
18:55:40.0656 3924  Mup             (de6a75f5c270e756c5508d94b6cf68f5) D:\windows\system32\drivers\Mup.sys
18:55:40.0687 3924  Mup - ok
18:55:40.0718 3924  napagent        (0102140028fad045756796e1c685d695) D:\windows\System32\qagentrt.dll
18:55:40.0828 3924  napagent - ok
18:55:40.0843 3924  NDIS            (1df7f42665c94b825322fae71721130d) D:\windows\system32\drivers\NDIS.sys
18:55:40.0921 3924  NDIS - ok
18:55:40.0953 3924  NdisTapi        (0109c4f3850dfbab279542515386ae22) D:\windows\system32\DRIVERS\ndistapi.sys
18:55:41.0000 3924  NdisTapi - ok
18:55:41.0031 3924  Ndisuio         (f927a4434c5028758a842943ef1a3849) D:\windows\system32\DRIVERS\ndisuio.sys
18:55:41.0125 3924  Ndisuio - ok
18:55:41.0140 3924  NdisWan         (edc1531a49c80614b2cfda43ca8659ab) D:\windows\system32\DRIVERS\ndiswan.sys
18:55:41.0234 3924  NdisWan - ok
18:55:41.0265 3924  NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) D:\windows\system32\drivers\NDProxy.sys
18:55:41.0328 3924  NDProxy - ok
18:55:41.0343 3924  Neo_VPN         (78a1eacf8da011715f7e0b3536f9845c) D:\windows\system32\DRIVERS\Neo_0029.sys
18:55:41.0359 3924  Neo_VPN - ok
18:55:41.0375 3924  NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) D:\windows\system32\DRIVERS\netbios.sys
18:55:41.0484 3924  NetBIOS - ok
18:55:41.0515 3924  NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) D:\windows\system32\DRIVERS\netbt.sys
18:55:41.0625 3924  NetBT - ok
18:55:41.0671 3924  NetDDE          (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
18:55:41.0765 3924  NetDDE - ok
18:55:41.0765 3924  NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) D:\windows\system32\netdde.exe
18:55:41.0875 3924  NetDDEdsdm - ok
18:55:41.0906 3924  Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:55:42.0000 3924  Netlogon - ok
18:55:42.0031 3924  Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) D:\windows\System32\netman.dll
18:55:42.0140 3924  Netman - ok
18:55:42.0234 3924  NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) d:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:55:42.0250 3924  NetTcpPortSharing - ok
18:55:42.0296 3924  Nla             (943337d786a56729263071623bbb9de5) D:\windows\System32\mswsock.dll
18:55:42.0328 3924  Nla - ok
18:55:42.0343 3924  Npfs            (3182d64ae053d6fb034f44b6def8034a) D:\windows\system32\drivers\Npfs.sys
18:55:42.0437 3924  Npfs - ok
18:55:42.0484 3924  Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) D:\windows\system32\drivers\Ntfs.sys
18:55:42.0578 3924  Ntfs - ok
18:55:42.0593 3924  NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:55:42.0687 3924  NtLmSsp - ok
18:55:42.0750 3924  NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) D:\windows\system32\ntmssvc.dll
18:55:42.0843 3924  NtmsSvc - ok
18:55:42.0890 3924  NuidFltr        (cf7e041663119e09d2e118521ada9300) D:\windows\system32\DRIVERS\NuidFltr.sys
18:55:42.0890 3924  NuidFltr - ok
18:55:42.0921 3924  Null            (73c1e1f395918bc2c6dd67af7591a3ad) D:\windows\system32\drivers\Null.sys
18:55:43.0015 3924  Null - ok
18:55:43.0015 3924  NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) D:\windows\system32\DRIVERS\nwlnkflt.sys
18:55:43.0109 3924  NwlnkFlt - ok
18:55:43.0109 3924  NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) D:\windows\system32\DRIVERS\nwlnkfwd.sys
18:55:43.0203 3924  NwlnkFwd - ok
18:55:43.0281 3924  ose             (9d10f99a6712e28f8acd5641e3a7ea6b) D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:43.0296 3924  ose - ok
18:55:43.0312 3924  Parport         (5575faf8f97ce5e713d108c2a58d7c7c) D:\windows\system32\DRIVERS\parport.sys
18:55:43.0421 3924  Parport - ok
18:55:43.0421 3924  PartMgr         (beb3ba25197665d82ec7065b724171c6) D:\windows\system32\drivers\PartMgr.sys
18:55:43.0515 3924  PartMgr - ok
18:55:43.0531 3924  ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) D:\windows\system32\drivers\ParVdm.sys
18:55:43.0625 3924  ParVdm - ok
18:55:43.0671 3924  PCI             (a219903ccf74233761d92bef471a07b1) D:\windows\system32\DRIVERS\pci.sys
18:55:43.0781 3924  PCI - ok
18:55:43.0781 3924  PCIDump - ok
18:55:43.0796 3924  PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) D:\windows\system32\DRIVERS\pciide.sys
18:55:43.0890 3924  PCIIde - ok
18:55:43.0906 3924  Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\windows\system32\drivers\Pcmcia.sys
18:55:44.0000 3924  Pcmcia - ok
18:55:44.0000 3924  PDCOMP - ok
18:55:44.0000 3924  PDFRAME - ok
18:55:44.0000 3924  PDRELI - ok
18:55:44.0000 3924  PDRFRAME - ok
18:55:44.0031 3924  PlugPlay        (65df52f5b8b6e9bbd183505225c37315) D:\windows\system32\services.exe
18:55:44.0062 3924  PlugPlay - ok
18:55:44.0062 3924  PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:55:44.0140 3924  PolicyAgent - ok
18:55:44.0187 3924  PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\windows\system32\DRIVERS\raspptp.sys
18:55:44.0281 3924  PptpMiniport - ok
18:55:44.0296 3924  Processor       (a32bebaf723557681bfc6bd93e98bd26) D:\windows\system32\DRIVERS\processr.sys
18:55:44.0406 3924  Processor - ok
18:55:44.0406 3924  ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) D:\windows\system32\lsass.exe
18:55:44.0500 3924  ProtectedStorage - ok
18:55:44.0515 3924  PSched          (09298ec810b07e5d582cb3a3f9255424) D:\windows\system32\DRIVERS\psched.sys
18:55:44.0625 3924  PSched - ok
18:55:44.0656 3924  Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\windows\system32\DRIVERS\ptilink.sys
18:55:44.0750 3924  Ptilink - ok
18:55:44.0750 3924  RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) D:\windows\system32\DRIVERS\rasacd.sys
18:55:44.0843 3924  RasAcd - ok
18:55:44.0875 3924  RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) D:\windows\System32\rasauto.dll
18:55:44.0968 3924  RasAuto - ok
18:55:44.0984 3924  Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) D:\windows\system32\DRIVERS\rasl2tp.sys
18:55:45.0078 3924  Rasl2tp - ok
18:55:45.0109 3924  RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) D:\windows\System32\rasmans.dll
18:55:45.0218 3924  RasMan - ok
18:55:45.0234 3924  RasPppoe        (5bc962f2654137c9909c3d4603587dee) D:\windows\system32\DRIVERS\raspppoe.sys
18:55:45.0343 3924  RasPppoe - ok
18:55:45.0343 3924  Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) D:\windows\system32\DRIVERS\raspti.sys
18:55:45.0437 3924  Raspti - ok
18:55:45.0453 3924  Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) D:\windows\system32\DRIVERS\rdbss.sys
18:55:45.0562 3924  Rdbss - ok
18:55:45.0562 3924  RDPCDD          (4912d5b403614ce99c28420f75353332) D:\windows\system32\DRIVERS\RDPCDD.sys
18:55:45.0656 3924  RDPCDD - ok
18:55:45.0703 3924  RDPWD           (6589db6e5969f8eee594cf71171c5028) D:\windows\system32\drivers\RDPWD.sys
18:55:45.0796 3924  RDPWD - ok
18:55:45.0828 3924  RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) D:\WINDOWS\system32\sessmgr.exe
18:55:45.0937 3924  RDSessMgr - ok
18:55:45.0968 3924  redbook         (f828dd7e1419b6653894a8f97a0094c5) D:\windows\system32\DRIVERS\redbook.sys
18:55:46.0062 3924  redbook - ok
18:55:

Sabre2th 0 Newbie Poster · Answer 5 · 2012-07-19T15:12:37+00:00

All real time shields in avast show as active.

I attempted to run rkill in all the ways you provided, all with the same results;
-command box would open for less than a second occasionaly
-avast is now alerting iexplorer and explorer processes as being suspicious (presumably blocking rkill from running)
-rkill process shows in task manager and I can wait for 10 minutes with no response

So I terminated rkill every time after 10 minutes assuming they hadn't worked. Is this correct and would this work in safe mode?

Sabre2th 0 Newbie Poster · Answer 6 · 2012-07-22T02:53:08+00:00

scanned explorer.exe - nothing found
scanned iexplorer.exe - nothing found

Rkill successfull after disabling avast filesystem shield temporarily
TDSSKiller did not find said entries
mbam completed and removed infections
no desktop.ini file found
no folders matching exactly so deleted 2 close matches wirh contents of little use.
combofix completed
otl completed

mbam log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sabre2th :: SUFFICIENT [administrator]

21/07/2012 22:14:24
mbam-log-2012-07-21 (22-14-24).txt

Scan type: Full scan (D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306138
Time elapsed: 1 hour(s), 25 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
D:\Documents and Settings\Sabre2th\Local Settings\Application Data\{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\n (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{84B6AE5E-DC92-41E0-A1AE-874CDD045680}\RP351\A0092204.exe (Backdoor.Bot.H) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer\{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\n (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.
D:\WINDOWS\Installer\{156cc7ff-8a28-25e2-b67c-d02b1d0250a9}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)

combofix log

ComboFix 12-07-21.01 - Sabre2th 22/07/2012   3:07.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2045.1352 [GMT 1:00]
Running from: d:\documents and settings\Sabre2th\Desktop\Virus hunting\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\Sabre2th\Application Data\trzF8.tmp
d:\documents and settings\Sabre2th\WINDOWS
D:\Install.exe
d:\program files\INSTALL.LOG
d:\windows\EventSystem.log
d:\windows\system32\c_8755.nls
d:\windows\system32\ctypee.nls
d:\windows\system32\dllcache\dlimport.exe
d:\windows\system32\localle.nls
d:\windows\system32\unicodee.nls
d:\windows\system32\unicoode.nls
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-22 to 2012-07-22  )))))))))))))))))))))))))))))))
.
.
2012-07-18 18:01 . 2012-07-18 18:01 --------    d-----w-    D:\TDSSKiller_Quarantine
2012-07-16 01:08 . 2012-07-16 17:52 --------    d-----w-    d:\program files\Bullfrog
2012-07-16 00:39 . 2012-07-21 10:38 --------    d-----w-    d:\documents and settings\Sabre2th\Application Data\xsecva
2012-07-13 23:40 . 2012-07-13 23:40 --------    d-----w-    d:\program files\AGEIA Technologies
2012-07-13 23:40 . 2012-07-13 23:40 --------    d-----w-    d:\windows\system32\AGEIA
2012-07-13 23:38 . 2012-07-13 23:38 --------    d-----w-    d:\program files\Common Files\Wise Installation Wizard
2012-07-13 23:38 . 2012-07-13 23:38 --------    d-----w-    d:\program files\OpenAL
2012-07-09 14:10 . 2012-07-09 14:10 242240  ----a-w-    d:\windows\system32\drivers\dtsoftbus01.sys
2012-07-09 14:06 . 2012-07-09 14:10 --------    d-----w-    d:\program files\DAEMON Tools Lite
2012-07-09 13:49 . 2012-07-09 13:49 279712  ----a-w-    d:\windows\system32\drivers\atksgt.sys
2012-07-09 13:49 . 2012-07-09 13:49 25888   ----a-w-    d:\windows\system32\drivers\lirsgt.sys
2012-07-09 13:47 . 2005-01-28 12:44 819200  ----a-w-    d:\program files\Windows Media Player\wmsetsdk.exe
2012-07-09 13:47 . 2005-01-28 12:44 47616   ----a-w-    d:\program files\Windows Media Player\msoobci.dll
2012-07-09 13:22 . 2012-07-09 13:22 --------    d-----w-    d:\program files\EGOSOFT
2012-07-02 10:40 . 2012-07-02 10:40 --------    d-----w-    d:\program files\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 23:38 . 2011-08-24 20:33 413696  ----a-w-    d:\windows\system32\wrap_oal.dll
2012-07-13 23:38 . 2011-08-24 20:33 110592  ----a-w-    d:\windows\system32\OpenAL32.dll
2012-07-11 20:31 . 2012-03-31 13:15 426184  ----a-w-    d:\windows\system32\FlashPlayerApp.exe
2012-07-11 20:31 . 2011-07-08 10:15 70344   ----a-w-    d:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-09 14:10 . 2011-09-18 11:48 24944   ----a-w-    d:\windows\system32\drivers\GVTDrv.sys
2012-07-09 14:09 . 2011-09-18 11:45 17488   ----a-w-    d:\windows\gdrv.sys
2012-07-03 16:21 . 2011-07-14 16:45 54232   ----a-w-    d:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-14 16:45 353688  ----a-w-    d:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-07-14 16:45 21256   ----a-w-    d:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-07-14 16:45 721000  ----a-w-    d:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-07-14 16:45 35928   ----a-w-    d:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-07-14 16:45 97608   ----a-w-    d:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2011-07-14 16:45 89624   ----a-w-    d:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2011-07-14 16:45 25256   ----a-w-    d:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2011-07-14 16:45 41224   ----a-w-    d:\windows\avastSS.scr
2012-07-03 16:21 . 2011-07-14 16:45 227648  ----a-w-    d:\windows\system32\aswBoot.exe
2012-07-03 12:46 . 2011-07-08 10:25 22344   ----a-w-    d:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w-    d:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-07-08 12:15 1372672 ------w-    d:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w-    d:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576  ----a-w-    d:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040   ----a-w-    d:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2011-07-08 05:58 329240  ----a-w-    d:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2011-07-08 05:58 210968  ----a-w-    d:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2011-07-08 05:57 219160  ----a-w-    d:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-08-06 18:24 15384   ----a-w-    d:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2011-07-08 05:57 53784   ----a-w-    d:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2011-07-08 05:57 35864   ----a-w-    d:\windows\system32\wups.dll
2012-06-02 14:19 . 2009-08-06 18:24 45080   ----a-w-    d:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 15384   ----a-w-    d:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2004-08-04 12:00 97304   ----a-w-    d:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944   ----a-w-    d:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2011-07-08 05:57 577048  ----a-w-    d:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2011-07-08 05:57 1933848 ----a-w-    d:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2011-12-23 05:09 275696  ----a-w-    d:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2011-12-23 05:09 214256  ----a-w-    d:\windows\system32\muweb.dll
2012-06-02 14:18 . 2011-12-23 05:09 17136   ----a-w-    d:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040  ----a-w-    d:\windows\system32\crypt32.dll
2012-05-27 20:35 . 2012-05-20 16:12 43520   ----a-w-    d:\windows\system32\CmdLineExt03.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992  ----a-w-    d:\windows\system32\wininet.dll
2012-05-11 14:42 . 2009-03-08 03:34 43520   ------w-    d:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ----a-w-    d:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-03-08 03:35 385024  ------w-    d:\windows\system32\html.iec
2012-05-10 23:19 . 2011-09-18 11:50 17488   ----a-w-    d:\windows\etdrv.sys
2012-05-04 13:16 . 2004-08-04 12:00 2148352 ----a-w-    d:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 05:59 2026496 ----a-w-    d:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-08 05:56 139656  ----a-w-    d:\windows\system32\drivers\rdpwd.sys
2012-07-18 23:45 . 2011-07-08 10:23 136672  ----a-w-    d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\spoolsv.exe
.
d:\windows\System32\spoolsv.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21    121528  ----a-w-    d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="d:\documents and settings\Sabre2th\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-06-06 932528]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 98304]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0aswBoot.exe /M:10e9687168042
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   schannel.dll, digest.dll
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk
backup=d:\windows\pss\PacketiX VPN Client Task Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37    843712  ----a-w-    d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19    3671872 ----a-w-    d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-03 15:27    136176  ----atw-    d:\documents and settings\Sabre2th\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 06:15    81920   ----a-w-    d:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 11:29    1996200 ----a-w-    d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-04-14 05:36    20053608    ----a-w-    d:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27    17351304    ----a-r-    d:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-06-06 14:40    9478320 ----a-w-    d:\documents and settings\Sabre2th\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-29 06:04    1242448 ----a-w-    d:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppleChargerSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 AppleCharger;AppleCharger;d:\windows\system32\drivers\AppleCharger.sys [09/07/2011 14:22 19496]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [14/07/2011 17:45 721000]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [14/07/2011 17:45 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdGuard.sys [30/06/2011 09:38 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [30/06/2011 09:38 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [09/07/2012 15:10 242240]
R2 Apache2.2;Apache2.2;d:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [09/09/2011 11:26 20549]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [14/07/2011 17:45 21256]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [08/07/2011 11:17 21992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [27/06/2012 12:29 1385896]
R2 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe [06/09/2011 15:48 741224]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdXP3.sys [22/11/2011 18:21 100368]
R3 usbfilter;AMD USB Filter Driver;d:\windows\system32\drivers\usbfilter.sys [22/11/2011 18:43 30392]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 14:15 250056]
S3 ALSysIO;ALSysIO;\??\d:\docume~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys --> d:\docume~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [08/07/2011 11:09 1691480]
S3 AODDriver;AODDriver;d:\program files\GIGABYTE\ET6\i386\AODDriver.sys [12/03/2010 05:35 36864]
S3 etdrv;etdrv;d:\windows\etdrv.sys [18/09/2011 12:50 17488]
S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [18/09/2011 12:48 24944]
S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 09:55 113120]
S3 Neo_VPN;VPN Client Device Driver - VPN;d:\windows\system32\drivers\Neo_0029.sys [07/09/2011 15:58 22000]
S4 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:31]
.
2012-07-22 d:\windows\Tasks\avast! Emergency Update.job
- d:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-16 16:21]
.
2012-07-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-287218729-839522115-1003Core.job
- d:\documents and settings\Sabre2th\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-03 15:27]
.
2012-07-22 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-287218729-839522115-1003UA.job
- d:\documents and settings\Sabre2th\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-03 15:27]
.
2012-03-27 d:\windows\Tasks\prismShakeIcon.job
- d:\program files\NCH Software\Prism\prism.exe [2012-02-28 14:23]
.
2012-04-08 d:\windows\Tasks\switchShakeIcon.job
- d:\program files\NCH Software\Switch\switch.exe [2011-10-24 20:27]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uInternet Connection Wizard,ShellNext = "d:\program files\Outlook Express\msimn.exe" //mailurl:mailto:community@ageofempiresonline.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - d:\documents and settings\Sabre2th\Application Data\Mozilla\Firefox\Profiles\rdvvc98g.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye A2 Free - d:\program files\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-Pharaoh - d:\sierra\Pharaoh\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 03:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
D:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\00\0a\17\03\19?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3444)
d:\windows\system32\WININET.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\mshtml.dll
d:\windows\system32\msls31.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\COMODO\COMODO Internet Security\cmdagent.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Motive\McciCMService.exe
d:\windows\system32\wdfmgr.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-07-22  03:26:32 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-22 02:26
.
Pre-Run: 16,280,756,224 bytes free
Post-Run: 16,705,409,024 bytes free
.
- - End Of File - - DCD8427EC2A0E3D540CBDE57CF6B6325

otl

OTL logfile created on: 22/07/2012 03:32:15 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = D:\Documents and Settings\Sabre2th\Desktop\Virus hunting
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.40% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.18% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\windows | %ProgramFiles% = D:\Program Files
Drive D: | 149.04 Gb Total Space | 15.43 Gb Free Space | 10.36% Space Free | Partition Type: NTFS
Drive F: | 495.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUFFICIENT | User Name: Sabre2th | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/07/19 15:09:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sabre2th\Desktop\Virus hunting\OTL.exe
PRC - [2012/07/19 00:45:25 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/06/06 15:40:50 | 000,932,528 | ---- | M] () -- D:\Documents and Settings\Sabre2th\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) -- D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 22:13:00 | 006,749,512 | ---- | M] (COMODO) -- D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- D:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/07/21 20:53:03 | 001,787,392 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12072101\algo.dll
MOD - [2012/07/21 11:26:32 | 001,787,392 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\defs\12072100\algo.dll
MOD - [2012/07/19 00:45:22 | 002,003,424 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/11 21:31:10 | 009,465,032 | ---- | M] () -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/15 17:32:36 | 011,817,472 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/15 15:03:48 | 012,433,920 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/15 15:03:38 | 001,592,320 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/15 04:37:57 | 000,303,104 | ---- | M] () -- D:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/06 15:40:50 | 000,932,528 | ---- | M] () -- D:\Documents and Settings\Sabre2th\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/14 11:37:11 | 000,971,264 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/14 11:36:07 | 000,025,600 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/14 04:59:07 | 005,450,752 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/14 04:57:42 | 007,953,408 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/14 04:57:30 | 011,492,352 | ---- | M] () -- D:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/05/31 17:07:34 | 001,852,759 | ---- | M] () -- D:\Program Files\Tunngle\libeay32.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- D:\windows\system32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 00:45:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 21:31:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/04/20 15:16:34 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/11 22:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [Disabled | Stopped] -- D:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- D:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/07/09 15:10:30 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2012/07/09 15:10:29 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/07/09 15:09:43 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/07/09 14:49:25 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/07/09 14:49:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 17:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 17:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/05/11 00:19:30 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2012/03/25 21:47:57 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/03/25 21:47:34 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/03/11 22:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 22:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 22:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/09/07 15:58:57 | 000,022,000 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Neo_0029.sys -- (Neo_VPN)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 11:24:24 | 006,406,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/01/14 08:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/03/12 05:35:48 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/12/22 03:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\windows\system32\blank.htm
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 4B 87 08 6B 3D CC 01  [binary data]
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: D:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: D:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/15 15:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/16 01:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/09 02:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/03/08 14:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/07/19 00:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/04/11 16:14:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}\

[2011/07/08 11:23:10 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Sabre2th\Application Data\Mozilla\Extensions
[2012/07/15 23:45:43 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Sabre2th\Application Data\Mozilla\Firefox\Profiles\rdvvc98g.default\extensions
[2012/06/09 18:29:45 | 000,000,000 | ---D | M] (Ant Video Downloader) -- D:\Documents and Settings\Sabre2th\Application Data\Mozilla\Firefox\Profiles\rdvvc98g.default\extensions\anttoolbar@ant.com
[2011/07/11 11:07:43 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- D:\Documents and Settings\Sabre2th\Application Data\Mozilla\Firefox\Profiles\rdvvc98g.default\extensions\DTToolbar@toolbarnet.com
[2011/07/11 11:07:33 | 000,002,055 | ---- | M] () -- D:\Documents and Settings\Sabre2th\Application Data\Mozilla\Firefox\Profiles\rdvvc98g.default\searchplugins\daemon-search.xml
[2012/03/18 12:32:17 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/11/07 20:43:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 00:45:27 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/04 00:38:20 | 000,030,312 | ---- | M] () (No name found) -- D:\DOCUMENTS AND SETTINGS\SABRE2TH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RDVVC98G.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012/02/09 02:49:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- D:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/19 00:45:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/04 06:53:56 | 000,182,160 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/01/08 16:34:21 | 000,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/01/08 16:34:21 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/08 16:34:21 | 000,001,131 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/07/19 00:45:18 | 000,003,368 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/01/08 16:34:21 | 000,002,040 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/01/08 16:34:21 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/08 16:34:21 | 000,001,096 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: avast! WebRep = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = D:\Documents and Settings\Sabre2th\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/22 03:18:18 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-287218729-839522115-1003..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-299502267-287218729-839522115-1003..\Run: [Spotify Web Helper] D:\Documents and Settings\Sabre2th\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] D:\windows\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] D:\windows\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-299502267-287218729-839522115-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266B92E4-CBA0-4A26-8F67-9E464D0AFE3C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96

Sabre2th 0 Newbie Poster · Answer 7 · 2012-07-22T12:48:58+00:00

gerbil, as far as symptoms at present go, there are no more rogue iexplorer processes and the system seems a lot more stable.

gerbil 216 Industrious Poster · Answer 8 · 2012-07-23T06:20:06+00:00

Use this codebox instead for the OTL fix - I added 3 more files/folders to be removed.

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-299502267-287218729-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}\
O18 - Protocol\Handler\msdaipp - No CLSID value found
:Files
d:\documents and settings\sabre2th\local settings\application data\{3A05A615-CEDF-11E1-8270-B8AC6F996F26}
d:\documents and settings\sabre2th\local settings\application data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}
d:\documents and settings\sabre2th\application data\mdgfi.dll
d:\windows\System32\spoolsv.exe|d:\windows\ServicePackFiles\i386\spoolsv.exe /replace
:cleanup
GMER
TDSSKiller
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Sabre2th 0 Newbie Poster · Answer 9 · 2012-07-23T12:47:48+00:00

Don't worry about the missing spoolsv.exe as I didn't include it when I installed XP. I don't print from this machine.

rkill is deleted
combofix successfully uninstalled

OTL log

All processes killed
========== OTL ==========
Service wuauserv stopped successfully!
Service wuauserv deleted successfully!
File C:\WINDOWS\system32\wuauserv.dll not found.
Error: No service named mbr was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully.
File D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\mbr.sys not found.
Service ALSysIO stopped successfully!
Service ALSysIO deleted successfully!
File D:\DOCUME~1\Sabre2th\LOCALS~1\Temp\ALSysIO.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-299502267-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-299502267-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-299502267-287218729-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26}: D:\Documents and Settings\Sabre2th\Local Settings\Application Data\{3A056AA9-CEDF-11E1-8270-B8AC6F996F26} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
File PTYTEMP] not found.
File PTYFLASH] not found.
File PTYJAVA] not found.

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_130233

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

gerbil 216 Industrious Poster · Answer 10 · 2012-07-24T01:27:41+00:00

Hmmm, that didn't go fully well...and I don't know why I put in a Combofix service to remove, late nights, I guess.. :), no harm. But this is quite wrong:
File PTYTEMP] not found.
File PTYFLASH] not found.
File PTYJAVA] not found. - It appears that the first 3 characters of each line were missed when you pasted? No problem, no need to rerun the tool.

You are going to have to find a copy of this file on your sys: C:\WINDOWS\system32\wuauserv.dll - perhaps in ServicePackFiles\i386, or Software Distribution, or on an installation cd, or just download it, and copy it over to system32.
Then in a cmd window run this [press Enter each time it waits]:
regsvr32 wuapi.dll wuaueng.dll wups.dll wups2.dll wuwebv.dll wucltux.dll
If that does not restart the update service then I offer this set of commands [you could make a .cmd file of them in Notepad, and run by dclick]:

net stop bits
regsvr32 /u wuaueng.dll /s
regsvr32 wuaueng.dll /s
net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

And if that doesn't work, then there is the whole hog here: http://support.microsoft.com/kb/971058/en-us
Say how it all goes.

Sabre2th 0 Newbie Poster · Answer 11 · 2012-07-24T15:07:29+00:00

Might it be the 4 space gap at the beginning of every line that seems to be inserted when I copy from that <ol> or 'code' block that messes with OTL? I have just noticed this...

Seems I already had wuauserv.dll in system32 but replaced anyway.
After running first method all except last succeeded, returning this error:

LoadLibrary("wuwebv.dll") failed - The specified module could not be found

So I downloaded wuwebv.dll also into system32, rerun the command which returned the same error.

Running as .cmd file had mixed results. The first instance returned an error when starting wuauserv saying something like 'wrong name' however the first 2 commands involving wuaueng completed successfully.

Eventually this was the result:

D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>net stop bits
The Background Intelligent Transfer Service service is stopping.
The Background Intelligent Transfer Service service was stopped successfully.


D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>regsvr32 /u wuaueng.dll /s

D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>regsvr32 wuaueng.dll /s

D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>net start bits
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.


D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>net start wuauserv
The Automatic Updates service is starting.
The Automatic Updates service was started successfully.


D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>wuauclt.exe /resetauthorization /detectnow

D:\Documents and Settings\Sabre2th\Desktop\Virus hunting>pause
Press any key to continue . . .

I have 5 svchost processes running. Is this normal?

gerbil 216 Industrious Poster · Answer 12 · 2012-07-25T02:15:38+00:00

I made a slip in that list of registration files. I gave you wuwebv.dll, which is for Vista. It should be wuweb.dll for XP. You should have the latter in system32, delete wuwebv.dll, and run:
regsvr32 wuapi.dll wuaueng.dll wups.dll wups2.dll wuweb.dll wucltux.dll
Sigh.
Try checking for updates manually. There is always one to download...
Svchost instances... yes you can have several running. My sys has 8 just now. Each Svchost holds a group of service libraries that together form a single process which performs some task, say net services. I think.

Sabre2th 0 Newbie Poster · Answer 13 · 2012-07-25T15:30:24+00:00

This time it was wucltux.dll that failed with the same "The specified module could not be found" error.

Ok so I went to http://support.microsoft.com/kb/971058/en-us and used the downloadable autofixer which fixed 2 unspecified items.

There were updates for me to install. One might be relevant and the other was for VB 2010 which failed to install.

I see Auto Updates service is active and set to automatic start in services.msc, the system is stable with no apparent signs of malware and if manual updating is the worst I get out of this I will still be happy.

I really appreciate the time you have given to help me in this dilemma; it is a godsend that there is support for these issues available for free.

gerbil 216 Industrious Poster · Answer 14 · 2012-07-26T01:18:38+00:00

regsvr32 wucltui.dll was one I confused with wucltux.dll. Some vista stuff crept into my fix, but no matter. Just another reason to loathe vista... That auto-fix from M$ that you ran covers it [it includes all the terms for xp, vista and W7].
I only let Windows notify me of the available updates, I like to choose what I feel is relevant.
After a virus, sometimes near enough is as good as you can hope for after it is killed. Tracking some minor changes can be exhausting, and unfulfilling.
Cheers.