[A] Malwarebytes blocking outgoing/incoming to same ip

By gBarrett
Jun 13, 2012
  1. Every 3-10 minutes Malwarebytes blocks an outgoing/incoming request, always the same IP.

    2012/06/13 09:46:16 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: incoming)
    2012/06/13 16:06:21 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: outgoing)

    mbam-log-2012-06-13 (10-38-05).txt

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.13.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Gregory :: EXPERIENCE [administrator]

    Protection: Enabled

    6/13/2012 10:38:05 AM
    mbam-log-2012-06-13 (10-38-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 259464
    Time elapsed: 6 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-13 10:49:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160023A rev.8.01
    Running: jpcegxmw.exe; Driver: C:\DOCUME~1\Gregory\LOCALS~1\Temp\pglyyaow.sys


    ---- System - GMER 1.0.15 ----

    Code F7A5EC9C ZwRequestPort
    Code F7A5ED3C ZwRequestWaitReplyPort
    Code F7A5EBFC ZwTraceEvent
    Code F7A5EC9B NtRequestPort
    Code F7A5ED3B NtRequestWaitReplyPort
    Code F7A5EBFB NtTraceEvent

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

    ---- EOF - GMER 1.0.15 ----

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
    Run by Gregory at 13:21:07 on 2012-06-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1426 [GMT -7:00]
    .
    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    svchost.exe
    C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Micro Niche Finder\srvany.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Micro Niche Finder\bggoogle.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\EVGA Precision\EVGAPrecision.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    D:\Program Files\Steam\steam.exe
    C:\Documents and Settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Stickies\stickies.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRAM FILES\ELABORATE BYTES\VIRTUALCLONEDRIVE\VCDDAEMON.EXE
    C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    uRun: [Steam] "d:\program files\steam\steam.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking10\program\ctfmngr.exe /restore
    mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gregory\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268200405812
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268200521750
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3} : NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\gregory\application data\mozilla\firefox\profiles\rm88ypaz.bigg\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    FF - plugin: c:\documents and settings\gregory\local settings\application data\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\documents and settings\gregory\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl97a76a65;MpKsl97a76a65;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys [2012-6-13 29904]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-1-23 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-1-23 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [2009-3-3 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-10 10448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-7 654408]
    R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\micro niche finder\srvany.exe [2010-2-3 8192]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-3 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-8-31 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-7 22344]
    R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2011-9-6 5632]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-12-19 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys --> c:\windows\system32\drivers\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [2010-1-21 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-1-21 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [2012-1-31 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-1-23 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 17:22:53 -------- d-----r- c:\program files\Skype
    2012-06-13 16:05:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys
    2012-06-13 10:32:32 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\mpengine.dll
    2012-06-09 10:47:53 98816 ----a-w- c:\windows\sed.exe
    2012-06-09 10:47:53 518144 ----a-w- c:\windows\SWREG.exe
    .
    ==================== Find3M ====================
    .
    2012-05-01 21:00:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-05-01 21:00:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 13:22:09.32 ===============


    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/18/2007 3:16:54 AM
    System Uptime: 6/13/2012 9:04:47 AM (4 hours ago)
    .
    Motherboard: ECS | | GF7050VT-M
    Processor: Intel Pentium III Xeon processor | CPU 1 | 2666/267mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 36.288 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 85.768 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Oracle Corporation
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0000
    Service: VBoxNetAdp
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    ==== System Restore Points ===================
    .
    RP960: 4/25/2012 10:30:49 PM - Software Distribution Service 3.0
    RP961: 4/27/2012 3:14:04 AM - System Checkpoint
    RP962: 4/27/2012 4:27:50 PM - Software Distribution Service 3.0
    RP963: 4/28/2012 4:28:03 PM - Software Distribution Service 3.0
    RP964: 4/29/2012 3:40:41 AM - Software Distribution Service 3.0
    RP965: 4/29/2012 4:27:47 PM - Software Distribution Service 3.0
    RP966: 4/30/2012 4:27:12 PM - Software Distribution Service 3.0
    RP967: 5/1/2012 1:59:26 PM - Removed Java(TM) 6 Update 24
    RP968: 5/2/2012 12:03:22 AM - Software Distribution Service 3.0
    RP969: 5/2/2012 11:59:12 PM - Software Distribution Service 3.0
    RP970: 5/4/2012 3:21:03 AM - System Checkpoint
    RP971: 5/4/2012 11:46:28 AM - Software Distribution Service 3.0
    RP972: 5/5/2012 1:58:38 PM - System Checkpoint
    RP973: 5/6/2012 4:03:29 AM - Software Distribution Service 3.0
    RP974: 5/6/2012 11:19:24 AM - Software Distribution Service 3.0
    RP975: 5/7/2012 1:08:36 PM - System Checkpoint
    RP976: 5/7/2012 11:31:15 PM - Software Distribution Service 3.0
    RP977: 5/9/2012 4:40:08 AM - System Checkpoint
    RP978: 5/9/2012 11:04:56 PM - Software Distribution Service 3.0
    RP979: 5/10/2012 11:03:32 PM - Software Distribution Service 3.0
    RP980: 5/11/2012 11:04:22 PM - Software Distribution Service 3.0
    RP981: 5/12/2012 11:03:44 PM - Software Distribution Service 3.0
    RP982: 5/14/2012 2:34:06 AM - System Checkpoint
    RP983: 5/14/2012 11:33:55 AM - Software Distribution Service 3.0
    RP984: 5/15/2012 11:25:52 AM - Removed HP Update.
    RP985: 5/15/2012 11:33:41 AM - Removed Legal Library 2005
    RP986: 5/16/2012 11:23:02 AM - Software Distribution Service 3.0
    RP987: 5/17/2012 11:23:22 AM - Software Distribution Service 3.0
    RP988: 5/18/2012 12:36:56 PM - System Checkpoint
    RP989: 5/18/2012 10:17:21 PM - Software Distribution Service 3.0
    RP990: 5/19/2012 10:17:15 PM - Software Distribution Service 3.0
    RP991: 5/20/2012 4:25:01 AM - Software Distribution Service 3.0
    RP992: 5/21/2012 4:29:15 AM - System Checkpoint
    RP993: 5/21/2012 7:31:17 PM - Software Distribution Service 3.0
    RP994: 5/22/2012 7:31:25 PM - Software Distribution Service 3.0
    RP995: 5/23/2012 7:30:52 PM - Software Distribution Service 3.0
    RP996: 5/24/2012 9:48:57 PM - System Checkpoint
    RP997: 5/25/2012 10:45:25 AM - Software Distribution Service 3.0
    RP998: 5/26/2012 10:44:38 AM - Software Distribution Service 3.0
    RP999: 5/27/2012 4:10:47 AM - Software Distribution Service 3.0
    RP1000: 5/27/2012 10:44:09 AM - Software Distribution Service 3.0
    RP1001: 5/28/2012 12:38:54 PM - System Checkpoint
    RP1002: 5/29/2012 10:06:36 AM - Software Distribution Service 3.0
    RP1003: 5/30/2012 10:05:59 AM - Software Distribution Service 3.0
    RP1004: 5/31/2012 10:05:47 AM - Software Distribution Service 3.0
    RP1005: 6/1/2012 10:06:39 AM - Software Distribution Service 3.0
    RP1006: 6/2/2012 10:06:46 AM - Software Distribution Service 3.0
    RP1007: 6/3/2012 3:58:59 AM - Software Distribution Service 3.0
    RP1008: 6/3/2012 10:05:38 AM - Software Distribution Service 3.0
    RP1009: 6/4/2012 10:05:39 AM - Software Distribution Service 3.0
    RP1010: 6/5/2012 10:11:31 AM - System Checkpoint
    RP1011: 6/6/2012 12:12:33 AM - Software Distribution Service 3.0
    RP1012: 6/7/2012 12:12:47 AM - Software Distribution Service 3.0
    RP1013: 6/8/2012 12:12:44 AM - Software Distribution Service 3.0
    RP1014: 6/9/2012 12:12:42 AM - Software Distribution Service 3.0
    RP1015: 6/10/2012 3:59:04 AM - System Checkpoint
    RP1016: 6/10/2012 4:08:03 AM - Software Distribution Service 3.0
    RP1017: 6/11/2012 7:31:01 AM - System Checkpoint
    RP1018: 6/11/2012 4:03:13 PM - Removed Skype Click to Call
    RP1019: 6/11/2012 4:04:25 PM - Removed Skype™ 5.9
    RP1020: 6/11/2012 4:20:00 PM - Software Distribution Service 3.0
    RP1021: 6/12/2012 5:59:12 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.64
    AC-3 ACM Codec
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8.3.0 - CPSID_83708
    Adobe Acrobat 8.3.0 Professional
    Adobe AIR
    Adobe Color Common Settings
    Adobe Download Manager
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 ActiveX
    AnswerAnalyst
    ArcExplorer Java Edition
    Audacity 1.3.13 (Unicode)
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    AutoSizer
    blubell
    Boks
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    CleanMem
    Company of Heroes
    Daily Interest Calculator v3.1
    Defraggler
    DH Driver Cleaner Professional Edition
    DivX Setup
    Dragon NaturallySpeaking 10
    DriveImage XML (Private Edition)
    Driver Sweeper 2.1.0
    Dropbox
    EPSON Scan
    eReg
    ESET Online Scanner v3
    Everything 1.2.1.371
    EVGA Precision 2.1.0
    FBX Plugin 2006.08 for Max 9.0
    FeedDemon
    FeedStation
    FFmpeg v0.6.2 for Audacity
    FileZilla Client 3.5.3
    FlashFXP v3
    foobar2000 v1.1.7
    Foxit Reader
    FreeMind
    gedit 2.30.1
    GIMP 2.4.6
    Git version 1.7.9-preview20120201
    Google Chrome
    Google Earth
    Google Gmail Notifier
    GPL Ghostscript 8.63
    GTK2-Runtime
    HashTab 3.0.0
    HD Tune Pro 5.00
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Huffyuv AVI lossless video codec (Remove Only)
    IDT Audio
    iMacros V6.86
    ImgBurn
    InCtrl5
    Inkscape 0.46
    InterVideo FilterSDK for Hauppauge
    Java(TM) 6 Update 31
    LAME v3.98.3 for Audacity
    LastPass (uninstall only)
    LightScribe System Software
    Logitech SetPoint 6.20
    Magic ISO Maker v5.3 (build 0216)
    MagicDisc 2.5.79
    Malwarebytes Anti-Malware version 1.61.0.1400
    Market Samurai
    Micro Niche Finder
    Micro Niche Finder 5.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Default Manager
    Microsoft Help Viewer 1.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows XP Video Decoder Checkup Utility
    Morgan M-JPEG codec V3
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MusicBrainz Picard 0.7.2
    MyDefrag v4.2.5
    nanoPEG-Editor 2.6.0 for WinTV
    Nero 6 Ultra Edition
    Notepad++
    NVIDIA Control Panel 285.58
    NVIDIA Graphics Driver 285.58
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    oggcodecs 0.71.0946
    PDF Info 2.02
    pdfsam
    Portal 2
    Prime95
    PSPad editor
    RadLight Ogg Media DirectShow filter (remove only)
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Revo Uninstaller 1.94
    RivaTuner v2.0 Final Release
    SABnzbd (remove only)
    Sandboxie 3.60 (32-bit)
    Scribus 1.3.3.12
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
    Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype™ 5.9
    Source SDK
    SpeedFan (remove only)
    Stickies 7.1a
    Stylizer
    SuperMemo
    The Action Machine
    Traffic Travis 3.1.16
    TrueCrypt
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VirtualCloneDrive
    VirusTotal Uploader 2.0
    Visual C++ Runtime for Dragon NaturallySpeaking
    VLC media player 1.0.5
    VMware Player
    Wallpaper Changer for Windows XP
    WampServer 2.2
    Web Content Studio
    Winamp (remove only)
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinPatrol
    WinPcap 4.1.1
    WinRAR archiver
    WinSCP 4.3.2
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2012 4:24:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport
    6/9/2012 4:06:27 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
    6/9/2012 3:50:39 AM, error: Service Control Manager [7034] - The Micro Niche Finder Background Download Service service terminated unexpectedly. It has done this 1 time(s).
    6/9/2012 3:45:20 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    6/9/2012 10:40:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.
    6/9/2012 10:40:24 PM, error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/13/2012 12:59:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/13/2012 1:36:11 AM, error: NetDDE [206] - Listen failed: 15:
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    You're running two AV programs, G Data AntiVirus and MSE.
    You must uninstall one of them.

    When done....

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  4. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Go on....
  5. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    The aswMBR scan took hours to complete.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-13 16:54:18
    -----------------------------
    16:54:18.359 OS Version: Windows 5.1.2600 Service Pack 3
    16:54:18.359 Number of processors: 2 586 0x1706
    16:54:18.359 ComputerName: EXPERIENCE UserName: Gregory
    16:54:23.984 Initialize success
    17:03:29.062 AVAST engine defs: 12061301
    17:03:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    17:03:46.859 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
    17:03:46.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    17:03:46.859 Disk 1 Vendor: WDC_WD5000AAKB-22UKA0 07.01N01 Size: 476940MB BusType: 3
    17:03:47.000 Disk 0 MBR read successfully
    17:03:47.000 Disk 0 MBR scan
    17:03:47.046 Disk 0 Windows XP default MBR code
    17:03:47.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
    17:03:47.187 Disk 0 scanning sectors +312560640
    17:03:47.406 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:04:41.843 Service scanning
    17:04:55.109 Service MpKsl38a3fb9c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl38a3fb9c.sys **LOCKED** 32
    17:05:19.546 Modules scanning
    17:06:15.375 Disk 0 trace - called modules:
    17:06:15.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    17:06:15.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a758ab8]
    17:06:15.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a798410]
    17:06:15.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7dd300]
    17:06:16.562 AVAST engine scan C:\WINDOWS
    17:06:58.109 AVAST engine scan C:\WINDOWS\system32
    17:20:01.671 AVAST engine scan C:\WINDOWS\system32\drivers
    17:21:07.062 AVAST engine scan C:\Documents and Settings\Gregory
    19:52:01.031 AVAST engine scan C:\Documents and Settings\All Users
    19:59:19.968 Scan finished successfully
    22:57:44.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\MBR.dat"
    22:57:44.578 The log file has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\aswMBR.txt"
  6. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    ComboFix 12-06-14.04 - Gregory 06/14/2012 20:59:10.12.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1508 [GMT -7:00]
    Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\program files\Mozilla Maintenance Service
    c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
    c:\program files\Mozilla Maintenance Service\Uninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_MozillaMaintenance
    -------\Service_MozillaMaintenance
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 04:28 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5CE95A1-AA80-48D0-A709-C9F2FD92BEBE}\mpengine.dll
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    - 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    + 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
    "Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
    "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    .
    c:\documents and settings\Gregory\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
    Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
    "c:\\Program Files\\Notepad++\\notepad++.exe"=
    "c:\\Program Files\\PSPad editor\\PSPad.exe"=
    "c:\\Program Files\\Stickies\\stickies.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
    "c:\\wamp\\ruby\\bin\\ruby.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
    "c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "27014:TCP"= 27014:TCP:port-range 27014
    "27015:TCP"= 27015:TCP:port-range 27015
    "27016:TCP"= 27016:TCP:port-range 27016
    "27017:TCP"= 27017:TCP:port-range 27017
    "27018:TCP"= 27018:TCP:port-range 27018
    "27019:TCP"= 27019:TCP:port-range 27019
    "27020:TCP"= 27020:TCP:port-range 27020
    "27021:TCP"= 27021:TCP:port-range 27021
    "27022:TCP"= 27022:TCP:port-range 27022
    "27023:TCP"= 27023:TCP:port-range 27023
    "27024:TCP"= 27024:TCP:port-range 27024
    "27025:TCP"= 27025:TCP:port-range 27025
    "27026:TCP"= 27026:TCP:port-range 27026
    "27027:TCP"= 27027:TCP:port-range 27027
    "27028:TCP"= 27028:TCP:port-range 27028
    "27029:TCP"= 27029:TCP:port-range 27029
    "27030:TCP"= 27030:TCP:port-range 27030
    "27031:TCP"= 27031:TCP:port-range 27031
    "27032:TCP"= 27032:TCP:port-range 27032
    "27033:TCP"= 27033:TCP:port-range 27033
    "27034:TCP"= 27034:TCP:port-range 27034
    "27035:TCP"= 27035:TCP:port-range 27035
    "27036:TCP"= 27036:TCP:port-range 27036
    "27037:TCP"= 27037:TCP:port-range 27037
    "27038:TCP"= 27038:TCP:port-range 27038
    "27039:TCP"= 27039:TCP:port-range 27039
    "27040:TCP"= 27040:TCP:port-range 27040
    "27041:TCP"= 27041:TCP:port-range 27041
    "27042:TCP"= 27042:TCP:port-range 27042
    "27043:TCP"= 27043:TCP:port-range 27043
    "27044:TCP"= 27044:TCP:port-range 27044
    "27045:TCP"= 27045:TCP:port-range 27045
    "27046:TCP"= 27046:TCP:port-range 27046
    "27047:TCP"= 27047:TCP:port-range 27047
    "27048:TCP"= 27048:TCP:port-range 27048
    "27049:TCP"= 27049:TCP:port-range 27049
    "27050:TCP"= 27050:TCP:port-range 27050
    "27014:UDP"= 27014:UDP:port-range 27014
    "27015:UDP"= 27015:UDP:port-range 27015
    "27016:UDP"= 27016:UDP:port-range 27016
    "27017:UDP"= 27017:UDP:port-range 27017
    "27018:UDP"= 27018:UDP:port-range 27018
    "27019:UDP"= 27019:UDP:port-range 27019
    "27020:UDP"= 27020:UDP:port-range 27020
    "27021:UDP"= 27021:UDP:port-range 27021
    "27022:UDP"= 27022:UDP:port-range 27022
    "27023:UDP"= 27023:UDP:port-range 27023
    "27024:UDP"= 27024:UDP:port-range 27024
    "27025:UDP"= 27025:UDP:port-range 27025
    "27026:UDP"= 27026:UDP:port-range 27026
    "27027:UDP"= 27027:UDP:port-range 27027
    "27028:UDP"= 27028:UDP:port-range 27028
    "27029:UDP"= 27029:UDP:port-range 27029
    "27030:UDP"= 27030:UDP:port-range 27030
    "4380:UDP"= 4380:UDP:port-UDP 4380
    "27000:UDP"= 27000:UDP:port-range 27000
    "27001:UDP"= 27001:UDP:port-range 27001
    "27002:UDP"= 27002:UDP:port-range 27002
    "27003:UDP"= 27003:UDP:port-range 27003
    "27004:UDP"= 27004:UDP:port-range 27004
    "27005:UDP"= 27005:UDP:port-range 27005
    "27006:UDP"= 27006:UDP:port-range 27006
    "27007:UDP"= 27007:UDP:port-range 27007
    "27008:UDP"= 27008:UDP:port-range 27008
    "27009:UDP"= 27009:UDP:port-range 27009
    "27010:UDP"= 27010:UDP:port-range 27010
    "27011:UDP"= 27011:UDP:port-range 27011
    "27012:UDP"= 27012:UDP:port-range 27012
    "27013:UDP"= 27013:UDP:port-range 27013
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
    R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
    R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
    R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-15 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-14 21:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(1696)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\program files\AutoSizer\AutoSizer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\windows\system32\netdde.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Micro Niche Finder\bggoogle.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\VMware\VMware Player\vmware-authd.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-06-14 22:09:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-15 05:09
    ComboFix2.txt 2012-06-10 21:00
    .
    Pre-Run: 40,879,992,832 bytes free
    Post-Run: 40,661,991,424 bytes free
    .
    - - End Of File - - EECCCE0970BEF2940813EF266DEC1AFA
  8. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    I noticed the following repeated in the Combofix log:

    AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}

    G Data did not show up in "Add or Remove Programs", nor was it listed in Revo Uninstaller. I used G Data's AVCleaner 2012 tool when you initially directed me to uninstall one of the AV programs. I thought it removed all traces. All that I can find now of G Data are an empty folder and some Registry entries.
  9. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27014:TCP"=-
    "27015:TCP"=-
    "27016:TCP"=-
    "27017:TCP"=-
    "27018:TCP"=-
    "27019:TCP"=-
    "27020:TCP"=-
    "27021:TCP"=-
    "27022:TCP"=-
    "27023:TCP"=-
    "27024:TCP"=-
    "27025:TCP"=- 
    "27026:TCP"=-
    "27027:TCP"=-
    "27028:TCP"=-
    "27029:TCP"=-
    "27030:TCP"=-
    "27031:TCP"=-
    "27032:TCP"=- 
    "27033:TCP"=-
    "27034:TCP"=-
    "27035:TCP"=-
    "27036:TCP"=-
    "27037:TCP"=-
    "27038:TCP"=-
    "27039:TCP"=-
    "27040:TCP"=-
    "27041:TCP"=-
    "27042:TCP"=-
    "27043:TCP"=-
    "27044:TCP"=-
    "27045:TCP"=-
    "27046:TCP"=-
    "27047:TCP"=-
    "27048:TCP"=-
    "27049:TCP"=-
    "27050:TCP"=-
    "27014:UDP"=-
    "27015:UDP"=-
    "27016:UDP"=-
    "27017:UDP"=-
    "27018:UDP"=-
    "27019:UDP"=-
    "27020:UDP"=-
    "27021:UDP"=-
    "27022:UDP"=-
    "27023:UDP"=-
    "27024:UDP"=-
    "27025:UDP"=-
    "27026:UDP"=-
    "27027:UDP"=-
    "27028:UDP"=-
    "27029:UDP"=-
    "27030:UDP"=-
    "4380:UDP"=-
    "27000:UDP"=-
    "27001:UDP"=-
    "27002:UDP"=-
    "27003:UDP"=-
    "27004:UDP"=-
    "27005:UDP"=-
    "27006:UDP"=-
    "27007:UDP"=-
    "27008:UDP"=-
    "27009:UDP"=-
    "27010:UDP"=-
    "27011:UDP"=-
    "27012:UDP"=-
    "27013:UDP"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  10. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    Prompted to update Combofix after dragging CFScript.txt. Do I upgrade?
  11. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Always as my instructions say.
  12. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    Will I need to restart again with CFScript.txt?
  13. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    I'm not sure what you're saying.
     
  14. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    Combofix appeared to me to restart after the upgrade, and I am unsure if it retained the CFScript.txt. Question was, do I need to restart Combofix again by dragging the CFScript.txt onto the CF icon?
  15. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Yes, go ahead.
  16. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    ComboFix 12-06-15.03 - Gregory 06/15/2012 9:45.14.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1487 [GMT -7:00]
    Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Gregory\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-15 05:30 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87010546-B2D6-4744-86CE-41D7D0F62DF7}\mpengine.dll
    2012-06-15 05:06 . 2012-06-15 05:06 -------- d-----w- c:\program files\Dropbox
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
    2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    - 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
    + 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
    "Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
    "EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
    .
    c:\documents and settings\Gregory\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
    Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
    "c:\\Program Files\\Notepad++\\notepad++.exe"=
    "c:\\Program Files\\PSPad editor\\PSPad.exe"=
    "c:\\Program Files\\Stickies\\stickies.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
    "c:\\wamp\\ruby\\bin\\ruby.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
    "c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
    R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
    R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
    S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
    S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
    S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
    S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-15 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
    - c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
    .
    2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    2012-06-15 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    - c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
    FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-15 09:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
    "ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
    31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(1284)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\program files\AutoSizer\AutoSizer.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-06-15 10:00:14
    ComboFix-quarantined-files.txt 2012-06-15 17:00
    ComboFix2.txt 2012-06-15 16:29
    ComboFix3.txt 2012-06-15 05:09
    ComboFix4.txt 2012-06-10 21:00
    .
    Pre-Run: 40,650,416,128 bytes free
    Post-Run: 40,628,314,112 bytes free
    .
    - - End Of File - - AB7ADD349FA66CD5F11084A80EA76F89
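
An added example, not part of the original posts and not ComboFix's own code: a Python script that parses the `GloballyOpenPorts\List` section of two ComboFix logs and reports which firewall openings the CFScript removed and which are still enabled. The two sample logs are constructed, shortened excerpts in the format shown in this thread; reading `:Disabled:` in a value as "rule inactive" is an assumption taken from those lines.

```python
import re
from collections import defaultdict

# Constructed, shortened excerpts in the layout of the logs posted above.
BEFORE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"27048:TCP"= 27048:TCP:port-range 27048
"27049:TCP"= 27049:TCP:port-range 27049
"27050:TCP"= 27050:TCP:port-range 27050
"4380:UDP"= 4380:UDP:port-UDP 4380
"27000:UDP"= 27000:UDP:port-range 27000
"27001:UDP"= 27001:UDP:port-range 27001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
"""

AFTER_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
.
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
ENTRY = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<data>.*)$')


def parse_open_ports(log_text):
    """Return {(port, proto): value} for every GloballyOpenPorts\\List entry."""
    entries = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            key = header.group("key").lower()
            in_section = key.endswith(r"globallyopenports\list")
            continue
        if not in_section:
            continue
        if line == ".":  # the log separates sections with a lone dot
            in_section = False
            continue
        entry = ENTRY.match(line)
        if entry:
            port = int(entry.group("port"))
            entries[(port, entry.group("proto"))] = entry.group("data").strip()
    return entries


def collapse(keys):
    """Collapse (port, proto) pairs into sorted (proto, first, last) ranges."""
    by_proto = defaultdict(set)
    for port, proto in keys:
        by_proto[proto].add(port)
    ranges = []
    for proto in sorted(by_proto):
        ports = sorted(by_proto[proto])
        start = prev = ports[0]
        for port in ports[1:]:
            if port != prev + 1:  # gap found: close the current range
                ranges.append((proto, start, prev))
                start = port
            prev = port
        ranges.append((proto, start, prev))
    return ranges


def diff_open_ports(before_log, after_log):
    """Compare the firewall port exceptions recorded in two logs."""
    before = parse_open_ports(before_log)
    after = parse_open_ports(after_log)
    # Assumption: a value containing ":Disabled:" is an inactive rule.
    enabled = [k for k, v in after.items() if ":disabled:" not in v.lower()]
    return {
        "removed": collapse(set(before) - set(after)),
        "added": collapse(set(after) - set(before)),
        "still_open": collapse(enabled),
    }


if __name__ == "__main__":
    for label, ranges in diff_open_ports(BEFORE_LOG, AFTER_LOG).items():
        print(label)
        for proto, first, last in ranges:
            span = str(first) if first == last else f"{first}-{last}"
            print(f"  {proto} {span}")
```
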
  17. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Looks good.

    Is MBAM still complaining?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    yes
  19. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  20. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    OTL appears to have halted scanning an entry in the registry.
  21. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Leave OTL alone for now and proceed with TDSSKiller.
  22. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    Close or kill the OTL process before running TDSSKiller?
  23. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    It may be better to restart the computer.
  24. gBarrett

    gBarrett Newcomer, in training Topic Starter Posts: 22

    12:25:10.0812 0396 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
    12:25:11.0578 0396 ============================================================
    12:25:11.0578 0396 Current date / time: 2012/06/15 12:25:11.0578
    12:25:11.0578 0396 SystemInfo:
    12:25:11.0578 0396
    12:25:11.0578 0396 OS Version: 5.1.2600 ServicePack: 3.0
    12:25:11.0578 0396 Product type: Workstation
    12:25:11.0578 0396 ComputerName: EXPERIENCE
    12:25:11.0578 0396 UserName: Gregory
    12:25:11.0578 0396 Windows directory: C:\WINDOWS
    12:25:11.0578 0396 System windows directory: C:\WINDOWS
    12:25:11.0578 0396 Processor architecture: Intel x86
    12:25:11.0578 0396 Number of processors: 2
    12:25:11.0578 0396 Page size: 0x1000
    12:25:11.0578 0396 Boot type: Normal boot
    12:25:11.0578 0396 ============================================================
    12:25:18.0890 0396 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    12:25:18.0953 0396 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    12:25:19.0046 0396 ============================================================
    12:25:19.0046 0396 \Device\Harddisk0\DR0:
    12:25:19.0062 0396 MBR partitions:
    12:25:19.0062 0396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
    12:25:19.0062 0396 \Device\Harddisk1\DR1:
    12:25:19.0062 0396 MBR partitions:
    12:25:19.0062 0396 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    12:25:19.0062 0396 ============================================================
    12:25:24.0906 0396 C: <-> \Device\Harddisk0\DR0\Partition0
    12:25:25.0109 0396 D: <-> \Device\Harddisk1\DR1\Partition0
    12:25:25.0125 0396 ============================================================
    12:25:25.0125 0396 Initialize success
    12:25:25.0125 0396 ============================================================
    12:28:19.0437 2340 ============================================================
    12:28:19.0437 2340 Scan started
    12:28:19.0437 2340 Mode: Manual;
    12:28:19.0437 2340 ============================================================
    12:28:20.0375 2340 123rootrepeal (60ac082b41e60906171335dfbf8c19c0) C:\WINDOWS\system32\drivers\123rootrepeal.sys
    12:28:20.0390 2340 123rootrepeal - ok
    12:28:20.0390 2340 Abiosdsk - ok
    12:28:20.0390 2340 abp480n5 - ok
    12:28:20.0453 2340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:28:20.0468 2340 ACPI - ok
    12:28:20.0515 2340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:28:20.0515 2340 ACPIEC - ok
    12:28:20.0703 2340 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    12:28:20.0703 2340 Adobe Version Cue CS3 - ok
    12:28:20.0718 2340 adpu160m - ok
    12:28:20.0765 2340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    12:28:20.0765 2340 aec - ok
    12:28:20.0812 2340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    12:28:20.0828 2340 AFD - ok
    12:28:20.0828 2340 Aha154x - ok
    12:28:20.0828 2340 aic78u2 - ok
    12:28:20.0843 2340 aic78xx - ok
    12:28:21.0046 2340 ALCXWDM (e1b23e1463adcca8637532d6b170cc32) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    12:28:21.0187 2340 ALCXWDM - ok
    12:28:21.0312 2340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    12:28:21.0312 2340 Alerter - ok
    12:28:21.0359 2340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    12:28:21.0359 2340 ALG - ok
    12:28:21.0375 2340 AliIde - ok
    12:28:21.0375 2340 AmdAcpi - ok
    12:28:21.0406 2340 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    12:28:21.0406 2340 AmdK8 - ok
    12:28:21.0406 2340 amdtools - ok
    12:28:21.0406 2340 amsint - ok
    12:28:21.0453 2340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    12:28:21.0468 2340 AppMgmt - ok
    12:28:21.0468 2340 asc - ok
    12:28:21.0484 2340 asc3350p - ok
    12:28:21.0484 2340 asc3550 - ok
    12:28:21.0625 2340 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    12:28:21.0625 2340 aspnet_state - ok
    12:28:21.0671 2340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:28:21.0671 2340 AsyncMac - ok
    12:28:21.0687 2340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:28:21.0687 2340 atapi - ok
    12:28:21.0687 2340 Atdisk - ok
    12:28:21.0734 2340 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
    12:28:21.0734 2340 ATITool - ok
    12:28:21.0750 2340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:28:21.0750 2340 Atmarpc - ok
    12:28:21.0765 2340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    12:28:21.0796 2340 AudioSrv - ok
    12:28:21.0828 2340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:28:21.0828 2340 audstub - ok
    12:28:21.0968 2340 Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    12:28:21.0968 2340 Autodesk Licensing Service - ok
    12:28:22.0109 2340 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    12:28:22.0109 2340 BcmSqlStartupSvc - ok
    12:28:22.0156 2340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    12:28:22.0156 2340 Beep - ok
    12:28:22.0218 2340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    12:28:22.0515 2340 BITS - ok
    12:28:22.0593 2340 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    12:28:22.0593 2340 Browser - ok
    12:28:22.0656 2340 btaudio (acff0fd5ebb4711534766bfe9c4cc4cd) C:\WINDOWS\system32\drivers\btaudio.sys
    12:28:22.0687 2340 btaudio - ok
    12:28:22.0750 2340 BTDriver (fd7ec7c3aa4a9b1d066fd1e36bec54e4) C:\WINDOWS\system32\DRIVERS\btport.sys
    12:28:22.0750 2340 BTDriver - ok
    12:28:22.0781 2340 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    12:28:22.0781 2340 BthEnum - ok
    12:28:22.0781 2340 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    12:28:22.0796 2340 BTHMODEM - ok
    12:28:22.0812 2340 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    12:28:22.0812 2340 BthPan - ok
    12:28:22.0843 2340 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    12:28:22.0859 2340 BTHPORT - ok
    12:28:22.0906 2340 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
    12:28:22.0906 2340 BthServ - ok
    12:28:22.0953 2340 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    12:28:22.0953 2340 BTHUSB - ok
    12:28:23.0046 2340 BTKRNL (fe1229036157344bb2789af6d9d9f6e1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    12:28:23.0062 2340 BTKRNL - ok
    12:28:23.0109 2340 BTSERIAL (510161a915ac376f5d47516aa275c544) C:\WINDOWS\system32\drivers\btserial.sys
    12:28:23.0109 2340 BTSERIAL - ok
    12:28:23.0125 2340 BTSLBCSP (ef4808855e1180edb9627b6a7320e0fd) C:\WINDOWS\system32\drivers\btslbcsp.sys
    12:28:23.0140 2340 BTSLBCSP - ok
    12:28:23.0312 2340 btwdins (0f2cd70a636fcd7362f5dae96afdf17f) C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    12:28:23.0312 2340 btwdins - ok
    12:28:23.0328 2340 BTWDNDIS (56a80e456145a8b1176933604cebcdac) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    12:28:23.0328 2340 BTWDNDIS - ok
    12:28:23.0375 2340 BTWUSB (4aa507d8b72378732147986cf5ff9f76) C:\WINDOWS\system32\Drivers\btwusb.sys
    12:28:23.0390 2340 BTWUSB - ok
    12:28:23.0390 2340 catchme - ok
    12:28:23.0437 2340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:28:23.0437 2340 cbidf2k - ok
    12:28:23.0484 2340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    12:28:23.0484 2340 CCDECODE - ok
    12:28:23.0500 2340 cd20xrnt - ok
    12:28:23.0515 2340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:28:23.0515 2340 Cdaudio - ok
    12:28:23.0515 2340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    12:28:23.0515 2340 Cdfs - ok
    12:28:23.0578 2340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:28:23.0578 2340 Cdrom - ok
    12:28:23.0578 2340 Changer - ok
    12:28:23.0640 2340 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    12:28:23.0640 2340 CiSvc - ok
    12:28:23.0687 2340 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    12:28:23.0687 2340 ClipSrv - ok
    12:28:23.0781 2340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:28:23.0859 2340 clr_optimization_v2.0.50727_32 - ok
    12:28:23.0937 2340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:28:24.0000 2340 clr_optimization_v4.0.30319_32 - ok
    12:28:24.0015 2340 CmdIde - ok
    12:28:24.0015 2340 COMSysApp - ok
    12:28:24.0015 2340 Cpqarray - ok
    12:28:24.0078 2340 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    12:28:24.0078 2340 CryptSvc - ok
    12:28:24.0078 2340 dac2w2k - ok
    12:28:24.0078 2340 dac960nt - ok
    12:28:24.0156 2340 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    12:28:24.0156 2340 DcomLaunch - ok
    12:28:24.0234 2340 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    12:28:24.0250 2340 Dhcp - ok
    12:28:24.0296 2340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    12:28:24.0296 2340 Disk - ok
    12:28:24.0296 2340 dmadmin - ok
    12:28:24.0390 2340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    12:28:24.0421 2340 dmboot - ok
    12:28:24.0437 2340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    12:28:24.0437 2340 dmio - ok
    12:28:24.0453 2340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    12:28:24.0453 2340 dmload - ok
    12:28:24.0484 2340 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    12:28:24.0484 2340 dmserver - ok
    12:28:24.0500 2340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    12:28:24.0500 2340 DMusic - ok
    12:28:24.0546 2340 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    12:28:24.0546 2340 Dnscache - ok
    12:28:24.0609 2340 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    12:28:24.0609 2340 Dot3svc - ok
    12:28:24.0609 2340 dpti2o - ok
    12:28:24.0671 2340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    12:28:24.0671 2340 drmkaud - ok
    12:28:24.0703 2340 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    12:28:24.0703 2340 EapHost - ok
    12:28:24.0734 2340 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    12:28:24.0750 2340 ElbyCDIO - ok
    12:28:24.0765 2340 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    12:28:24.0765 2340 ERSvc - ok
    12:28:24.0812 2340 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    12:28:24.0843 2340 Eventlog - ok
    12:28:24.0890 2340 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    12:28:24.0906 2340 EventSystem - ok
    12:28:24.0953 2340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    12:28:24.0953 2340 Fastfat - ok
    12:28:25.0015 2340 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    12:28:25.0078 2340 FastUserSwitchingCompatibility - ok
    12:28:25.0125 2340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    12:28:25.0125 2340 Fdc - ok
    12:28:25.0140 2340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    12:28:25.0140 2340 Fips - ok
    12:28:25.0312 2340 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    12:28:25.0312 2340 FLEXnet Licensing Service - ok
    12:28:25.0343 2340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    12:28:25.0343 2340 Flpydisk - ok
    12:28:25.0343 2340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    12:28:25.0343 2340 FltMgr - ok
    12:28:25.0468 2340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    12:28:25.0468 2340 FontCache3.0.0.0 - ok
    12:28:25.0546 2340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:28:25.0546 2340 Fs_Rec - ok
    12:28:25.0546 2340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:28:25.0562 2340 Ftdisk - ok
    12:28:25.0578 2340 GearAspiWDM - ok
    12:28:25.0609 2340 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    12:28:25.0609 2340 giveio - ok
    12:28:25.0656 2340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:28:25.0671 2340 Gpc - ok
    12:28:25.0703 2340 hcmon (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
    12:28:25.0703 2340 hcmon - ok
    12:28:25.0781 2340 hcw18bda (e5b3eb916ef245075a243821ff7320d5) C:\WINDOWS\system32\drivers\hcw18bda.sys
    12:28:25.0796 2340 hcw18bda - ok
    12:28:25.0859 2340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    12:28:25.0859 2340 HDAudBus - ok
    12:28:25.0875 2340 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    12:28:25.0875 2340 helpsvc - ok
    12:28:25.0921 2340 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    12:28:25.0921 2340 HidServ - ok
    12:28:25.0968 2340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:28:25.0968 2340 HidUsb - ok
    12:28:26.0031 2340 hitmanpro35 (d7e05e0173719b66bb108f3d97e49a6a) C:\WINDOWS\system32\drivers\hitmanpro35.sys
    12:28:26.0031 2340 hitmanpro35 - ok
    12:28:26.0078 2340 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    12:28:26.0078 2340 hkmsvc - ok
    12:28:26.0078 2340 hpn - ok
    12:28:26.0125 2340 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    12:28:26.0125 2340 HPZid412 - ok
    12:28:26.0140 2340 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    12:28:26.0140 2340 HPZipr12 - ok
    12:28:26.0171 2340 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    12:28:26.0171 2340 HPZius12 - ok
    12:28:26.0234 2340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    12:28:26.0250 2340 HTTP - ok
    12:28:26.0296 2340 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    12:28:26.0328 2340 HTTPFilter - ok
    12:28:26.0328 2340 i2omgmt - ok
    12:28:26.0328 2340 i2omp - ok
    12:28:26.0375 2340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:28:26.0375 2340 i8042prt - ok
    12:28:26.0515 2340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    12:28:26.0578 2340 idsvc - ok
    12:28:26.0625 2340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:28:26.0625 2340 Imapi - ok
    12:28:26.0671 2340 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    12:28:26.0687 2340 ImapiService - ok
    12:28:26.0687 2340 ini910u - ok
    12:28:26.0703 2340 IntelIde - ok
    12:28:26.0703 2340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:28:26.0703 2340 intelppm - ok
    12:28:26.0734 2340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    12:28:26.0734 2340 Ip6Fw - ok
    12:28:26.0781 2340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:28:26.0781 2340 IpFilterDriver - ok
    12:28:26.0796 2340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:28:26.0796 2340 IpInIp - ok
    12:28:26.0828 2340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:28:26.0843 2340 IpNat - ok
    12:28:26.0843 2340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:28:26.0843 2340 IPSec - ok
    12:28:26.0875 2340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:28:26.0875 2340 IRENUM - ok
    12:28:26.0906 2340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:28:26.0906 2340 isapnp - ok
    12:28:27.0093 2340 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    12:28:27.0093 2340 JavaQuickStarterService - ok
    12:28:27.0109 2340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:28:27.0109 2340 Kbdclass - ok
    12:28:27.0156 2340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    12:28:27.0156 2340 kbdhid - ok
    12:28:27.0171 2340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    12:28:27.0171 2340 kmixer - ok
    12:28:27.0203 2340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    12:28:27.0203 2340 KSecDD - ok
    12:28:27.0250 2340 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    12:28:27.0250 2340 L8042Kbd - ok
    12:28:27.0312 2340 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    12:28:27.0328 2340 LanmanServer - ok
    12:28:27.0375 2340 LanmanWorkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    12:28:27.0421 2340 LanmanWorkstation - ok
    12:28:27.0468 2340 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    12:28:27.0468 2340 LBeepKE - ok
    12:28:27.0484 2340 lbrtfdc - ok
    12:28:27.0578 2340 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    12:28:27.0593 2340 LBTServ - ok
    12:28:27.0671 2340 LEqdUsb (eee5a87ec378c9ad7ce91073fbd63465) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
    12:28:27.0671 2340 LEqdUsb - ok
    12:28:27.0687 2340 LHidEqd (62663b385087f5977d8ebd1fdc67b639) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
    12:28:27.0687 2340 LHidEqd - ok
    12:28:27.0718 2340 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    12:28:27.0718 2340 LHidFilt - ok
    12:28:27.0812 2340 LightScribeService (9dbafd6106ee59d548aa1b0c144799ef) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    12:28:27.0812 2340 LightScribeService - ok
    12:28:27.0859 2340 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    12:28:27.0859 2340 LmHosts - ok
    12:28:27.0875 2340 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    12:28:27.0875 2340 LMouFilt - ok
    12:28:27.0890 2340 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    12:28:27.0890 2340 LUsbFilt - ok
    12:28:27.0937 2340 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    12:28:27.0937 2340 MBAMProtector - ok
    12:28:28.0046 2340 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    12:28:28.0062 2340 MBAMService - ok
    12:28:28.0109 2340 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    12:28:28.0109 2340 mcdbus - ok
    12:28:28.0187 2340 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    12:28:28.0187 2340 MDM - ok
    12:28:28.0234 2340 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    12:28:28.0234 2340 Messenger - ok
    12:28:28.0281 2340 mi-raysat_3dsmax9_32 (aa0c4a2c33ce075df2c272d678734991) C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    12:28:28.0281 2340 mi-raysat_3dsmax9_32 - ok
    12:28:28.0406 2340 Micro Niche Finder Background Download Service (4635935fc972c582632bf45c26bfcb0e) C:\Program Files\Micro Niche Finder\srvany.exe
    12:28:28.0406 2340 Micro Niche Finder Background Download Service - ok
    12:28:28.0437 2340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    12:28:28.0453 2340 mnmdd - ok
    12:28:28.0500 2340 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    12:28:28.0500 2340 mnmsrvc - ok
    12:28:28.0578 2340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    12:28:28.0578 2340 Modem - ok
    12:28:28.0640 2340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:28:28.0640 2340 Mouclass - ok
    12:28:28.0640 2340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:28:28.0656 2340 mouhid - ok
    12:28:28.0671 2340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    12:28:28.0671 2340 MountMgr - ok
    12:28:28.0703 2340 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    12:28:28.0703 2340 MPE - ok
    12:28:28.0734 2340 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    12:28:28.0734 2340 MpFilter - ok
    12:28:28.0750 2340 mraid35x - ok
    12:28:28.0781 2340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:28:28.0796 2340 MRxDAV - ok
    12:28:28.0859 2340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:28:28.0890 2340 MRxSmb - ok
    12:28:28.0921 2340 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    12:28:28.0937 2340 MSDTC - ok
    12:28:28.0968 2340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    12:28:28.0968 2340 Msfs - ok
    12:28:28.0968 2340 MSIServer - ok
    12:28:29.0000 2340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:28:29.0000 2340 MSKSSRV - ok
    12:28:29.0125 2340 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    12:28:29.0125 2340 MsMpSvc - ok
    12:28:29.0140 2340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:28:29.0140 2340 MSPCLOCK - ok
    12:28:29.0140 2340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    12:28:29.0140 2340 MSPQM - ok
    12:28:29.0156 2340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:28:29.0156 2340 mssmbios - ok
    12:28:29.0281 2340 MSSQL$MSSMLBIZ - ok
    12:28:29.0312 2340 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    12:28:29.0312 2340 MSSQLServerADHelper - ok
    12:28:29.0328 2340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    12:28:29.0328 2340 MSTEE - ok
    12:28:29.0390 2340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    12:28:29.0406 2340 Mup - ok
    12:28:29.0437 2340 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
    12:28:29.0437 2340 n558 - ok
    12:28:29.0468 2340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    12:28:29.0468 2340 NABTSFEC - ok
    12:28:29.0515 2340 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    12:28:29.0531 2340 napagent - ok
    12:28:29.0578 2340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    12:28:29.0593 2340 NDIS - ok
    12:28:39.0843 2340 ============================================================
    12:28:39.0843 2340 Scan finished
    12:28:39.0843 2340 ============================================================
    12:28:39.0843 1824 Detected object count: 0
    12:28:39.0843 1824 Actual detected object count: 0
  25. Broni

    Broni Malware Annihilator Posts: 45,223   +243

    Nothing there.

    Go ahead with OTL.