Inactive [A] Malwarebytes blocking outgoing/incoming to same ip

gBarrett

Every 3-10 minutes Malwarebytes blocks an outgoing/incoming request, always the same IP.

2012/06/13 09:46:16 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: incoming)
2012/06/13 16:06:21 -0700 EXPERIENCE Gregory IP-BLOCK 213.155.21.224 (Type: outgoing)

mbam-log-2012-06-13 (10-38-05).txt

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Gregory :: EXPERIENCE [administrator]

Protection: Enabled

6/13/2012 10:38:05 AM
mbam-log-2012-06-13 (10-38-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259464
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

gmer.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-13 10:49:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160023A rev.8.01
Running: jpcegxmw.exe; Driver: C:\DOCUME~1\Gregory\LOCALS~1\Temp\pglyyaow.sys


---- System - GMER 1.0.15 ----

Code F7A5EC9C ZwRequestPort
Code F7A5ED3C ZwRequestWaitReplyPort
Code F7A5EBFC ZwTraceEvent
Code F7A5EC9B NtRequestPort
Code F7A5ED3B NtRequestWaitReplyPort
Code F7A5EBFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

---- EOF - GMER 1.0.15 ----

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
Run by Gregory at 13:21:07 on 2012-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1426 [GMT -7:00]
.
AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
svchost.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Micro Niche Finder\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Micro Niche Finder\bggoogle.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
D:\Program Files\Steam\steam.exe
C:\Documents and Settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRAM FILES\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRAM FILES\ELABORATE BYTES\VIRTUALCLONEDRIVE\VCDDAEMON.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
C:\Program Files\Skype\Phone\Skype.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking10\program\ctfmngr.exe /restore
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gregory\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\gregory\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268200405812
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268200521750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3} : NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gregory\application data\mozilla\firefox\profiles\rm88ypaz.bigg\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - plugin: c:\documents and settings\gregory\local settings\application data\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\documents and settings\gregory\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl97a76a65;MpKsl97a76a65;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys [2012-6-13 29904]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-1-23 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-1-23 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [2009-3-3 8576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-10 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-7 654408]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\micro niche finder\srvany.exe [2010-2-3 8192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-3 2253120]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-8-31 384896]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-7 22344]
R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2011-9-6 5632]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-12-19 116016]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys --> c:\windows\system32\drivers\AmdAcpi.sys [?]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\amdtools.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [2010-1-21 34816]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-1-21 15944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [2012-1-31 47616]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 104752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-1-23 82736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2012-06-13 17:22:53 -------- d-----r- c:\program files\Skype
2012-06-13 16:05:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\MpKsl97a76a65.sys
2012-06-13 10:32:32 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5d7587-76ee-45ab-8045-76562f0078fa}\mpengine.dll
2012-06-09 10:47:53 98816 ----a-w- c:\windows\sed.exe
2012-06-09 10:47:53 518144 ----a-w- c:\windows\SWREG.exe
.
==================== Find3M ====================
.
2012-05-01 21:00:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-01 21:00:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:22:09.32 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2007 3:16:54 AM
System Uptime: 6/13/2012 9:04:47 AM (4 hours ago)
.
Motherboard: ECS | | GF7050VT-M
Processor: Intel Pentium III Xeon processor | CPU 1 | 2666/267mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 36.288 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 85.768 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP960: 4/25/2012 10:30:49 PM - Software Distribution Service 3.0
RP961: 4/27/2012 3:14:04 AM - System Checkpoint
RP962: 4/27/2012 4:27:50 PM - Software Distribution Service 3.0
RP963: 4/28/2012 4:28:03 PM - Software Distribution Service 3.0
RP964: 4/29/2012 3:40:41 AM - Software Distribution Service 3.0
RP965: 4/29/2012 4:27:47 PM - Software Distribution Service 3.0
RP966: 4/30/2012 4:27:12 PM - Software Distribution Service 3.0
RP967: 5/1/2012 1:59:26 PM - Removed Java(TM) 6 Update 24
RP968: 5/2/2012 12:03:22 AM - Software Distribution Service 3.0
RP969: 5/2/2012 11:59:12 PM - Software Distribution Service 3.0
RP970: 5/4/2012 3:21:03 AM - System Checkpoint
RP971: 5/4/2012 11:46:28 AM - Software Distribution Service 3.0
RP972: 5/5/2012 1:58:38 PM - System Checkpoint
RP973: 5/6/2012 4:03:29 AM - Software Distribution Service 3.0
RP974: 5/6/2012 11:19:24 AM - Software Distribution Service 3.0
RP975: 5/7/2012 1:08:36 PM - System Checkpoint
RP976: 5/7/2012 11:31:15 PM - Software Distribution Service 3.0
RP977: 5/9/2012 4:40:08 AM - System Checkpoint
RP978: 5/9/2012 11:04:56 PM - Software Distribution Service 3.0
RP979: 5/10/2012 11:03:32 PM - Software Distribution Service 3.0
RP980: 5/11/2012 11:04:22 PM - Software Distribution Service 3.0
RP981: 5/12/2012 11:03:44 PM - Software Distribution Service 3.0
RP982: 5/14/2012 2:34:06 AM - System Checkpoint
RP983: 5/14/2012 11:33:55 AM - Software Distribution Service 3.0
RP984: 5/15/2012 11:25:52 AM - Removed HP Update.
RP985: 5/15/2012 11:33:41 AM - Removed Legal Library 2005
RP986: 5/16/2012 11:23:02 AM - Software Distribution Service 3.0
RP987: 5/17/2012 11:23:22 AM - Software Distribution Service 3.0
RP988: 5/18/2012 12:36:56 PM - System Checkpoint
RP989: 5/18/2012 10:17:21 PM - Software Distribution Service 3.0
RP990: 5/19/2012 10:17:15 PM - Software Distribution Service 3.0
RP991: 5/20/2012 4:25:01 AM - Software Distribution Service 3.0
RP992: 5/21/2012 4:29:15 AM - System Checkpoint
RP993: 5/21/2012 7:31:17 PM - Software Distribution Service 3.0
RP994: 5/22/2012 7:31:25 PM - Software Distribution Service 3.0
RP995: 5/23/2012 7:30:52 PM - Software Distribution Service 3.0
RP996: 5/24/2012 9:48:57 PM - System Checkpoint
RP997: 5/25/2012 10:45:25 AM - Software Distribution Service 3.0
RP998: 5/26/2012 10:44:38 AM - Software Distribution Service 3.0
RP999: 5/27/2012 4:10:47 AM - Software Distribution Service 3.0
RP1000: 5/27/2012 10:44:09 AM - Software Distribution Service 3.0
RP1001: 5/28/2012 12:38:54 PM - System Checkpoint
RP1002: 5/29/2012 10:06:36 AM - Software Distribution Service 3.0
RP1003: 5/30/2012 10:05:59 AM - Software Distribution Service 3.0
RP1004: 5/31/2012 10:05:47 AM - Software Distribution Service 3.0
RP1005: 6/1/2012 10:06:39 AM - Software Distribution Service 3.0
RP1006: 6/2/2012 10:06:46 AM - Software Distribution Service 3.0
RP1007: 6/3/2012 3:58:59 AM - Software Distribution Service 3.0
RP1008: 6/3/2012 10:05:38 AM - Software Distribution Service 3.0
RP1009: 6/4/2012 10:05:39 AM - Software Distribution Service 3.0
RP1010: 6/5/2012 10:11:31 AM - System Checkpoint
RP1011: 6/6/2012 12:12:33 AM - Software Distribution Service 3.0
RP1012: 6/7/2012 12:12:47 AM - Software Distribution Service 3.0
RP1013: 6/8/2012 12:12:44 AM - Software Distribution Service 3.0
RP1014: 6/9/2012 12:12:42 AM - Software Distribution Service 3.0
RP1015: 6/10/2012 3:59:04 AM - System Checkpoint
RP1016: 6/10/2012 4:08:03 AM - Software Distribution Service 3.0
RP1017: 6/11/2012 7:31:01 AM - System Checkpoint
RP1018: 6/11/2012 4:03:13 PM - Removed Skype Click to Call
RP1019: 6/11/2012 4:04:25 PM - Removed Skype™ 5.9
RP1020: 6/11/2012 4:20:00 PM - Software Distribution Service 3.0
RP1021: 6/12/2012 5:59:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.64
AC-3 ACM Codec
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8.3.0 - CPSID_83708
Adobe Acrobat 8.3.0 Professional
Adobe AIR
Adobe Color Common Settings
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
AnswerAnalyst
ArcExplorer Java Edition
Audacity 1.3.13 (Unicode)
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
AutoSizer
blubell
Boks
Business Contact Manager for Outlook 2007 SP2
CCleaner
CleanMem
Company of Heroes
Daily Interest Calculator v3.1
Defraggler
DH Driver Cleaner Professional Edition
DivX Setup
Dragon NaturallySpeaking 10
DriveImage XML (Private Edition)
Driver Sweeper 2.1.0
Dropbox
EPSON Scan
eReg
ESET Online Scanner v3
Everything 1.2.1.371
EVGA Precision 2.1.0
FBX Plugin 2006.08 for Max 9.0
FeedDemon
FeedStation
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.5.3
FlashFXP v3
foobar2000 v1.1.7
Foxit Reader
FreeMind
gedit 2.30.1
GIMP 2.4.6
Git version 1.7.9-preview20120201
Google Chrome
Google Earth
Google Gmail Notifier
GPL Ghostscript 8.63
GTK2-Runtime
HashTab 3.0.0
HD Tune Pro 5.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Huffyuv AVI lossless video codec (Remove Only)
IDT Audio
iMacros V6.86
ImgBurn
InCtrl5
Inkscape 0.46
InterVideo FilterSDK for Hauppauge
Java(TM) 6 Update 31
LAME v3.98.3 for Audacity
LastPass (uninstall only)
LightScribe System Software
Logitech SetPoint 6.20
Magic ISO Maker v5.3 (build 0216)
MagicDisc 2.5.79
Malwarebytes Anti-Malware version 1.61.0.1400
Market Samurai
Micro Niche Finder
Micro Niche Finder 5.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Default Manager
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Windows Media Video 9 VCM
Microsoft Windows XP Video Decoder Checkup Utility
Morgan M-JPEG codec V3
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MusicBrainz Picard 0.7.2
MyDefrag v4.2.5
nanoPEG-Editor 2.6.0 for WinTV
Nero 6 Ultra Edition
Notepad++
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
oggcodecs 0.71.0946
PDF Info 2.02
pdfsam
Portal 2
Prime95
PSPad editor
RadLight Ogg Media DirectShow filter (remove only)
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Revo Uninstaller 1.94
RivaTuner v2.0 Final Release
SABnzbd (remove only)
Sandboxie 3.60 (32-bit)
Scribus 1.3.3.12
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.9
Source SDK
SpeedFan (remove only)
Stickies 7.1a
Stylizer
SuperMemo
The Action Machine
Traffic Travis 3.1.16
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VirtualCloneDrive
VirusTotal Uploader 2.0
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.0.5
VMware Player
Wallpaper Changer for Windows XP
WampServer 2.2
Web Content Studio
Winamp (remove only)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPatrol
WinPcap 4.1.1
WinRAR archiver
WinSCP 4.3.2
WinZip
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 4:24:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport
6/9/2012 4:06:27 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
6/9/2012 3:50:39 AM, error: Service Control Manager [7034] - The Micro Niche Finder Background Download Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2012 3:45:20 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
6/9/2012 10:40:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.
6/9/2012 10:40:24 PM, error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2012 12:59:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/13/2012 1:36:11 AM, error: NetDDE [206] - Listen failed: 15:
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

You're running two AV programs, G Data AntiVirus and MSE.
You must uninstall one of them.

When done....

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

===========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
The aswMBR scan took hours to complete.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 16:54:18
-----------------------------
16:54:18.359 OS Version: Windows 5.1.2600 Service Pack 3
16:54:18.359 Number of processors: 2 586 0x1706
16:54:18.359 ComputerName: EXPERIENCE UserName: Gregory
16:54:23.984 Initialize success
17:03:29.062 AVAST engine defs: 12061301
17:03:46.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:03:46.859 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
17:03:46.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:03:46.859 Disk 1 Vendor: WDC_WD5000AAKB-22UKA0 07.01N01 Size: 476940MB BusType: 3
17:03:47.000 Disk 0 MBR read successfully
17:03:47.000 Disk 0 MBR scan
17:03:47.046 Disk 0 Windows XP default MBR code
17:03:47.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
17:03:47.187 Disk 0 scanning sectors +312560640
17:03:47.406 Disk 0 scanning C:\WINDOWS\system32\drivers
17:04:41.843 Service scanning
17:04:55.109 Service MpKsl38a3fb9c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl38a3fb9c.sys **LOCKED** 32
17:05:19.546 Modules scanning
17:06:15.375 Disk 0 trace - called modules:
17:06:15.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:06:15.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a758ab8]
17:06:15.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a798410]
17:06:15.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7dd300]
17:06:16.562 AVAST engine scan C:\WINDOWS
17:06:58.109 AVAST engine scan C:\WINDOWS\system32
17:20:01.671 AVAST engine scan C:\WINDOWS\system32\drivers
17:21:07.062 AVAST engine scan C:\Documents and Settings\Gregory
19:52:01.031 AVAST engine scan C:\Documents and Settings\All Users
19:59:19.968 Scan finished successfully
22:57:44.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\MBR.dat"
22:57:44.578 The log file has been saved successfully to "C:\Documents and Settings\Gregory\Desktop\aswMBR.txt"
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-14.04 - Gregory 06/14/2012 20:59:10.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1508 [GMT -7:00]
Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 04:28 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5CE95A1-AA80-48D0-A709-C9F2FD92BEBE}\mpengine.dll
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
"Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
.
c:\documents and settings\Gregory\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\Notepad++\\notepad++.exe"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Stickies\\stickies.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
"c:\\wamp\\ruby\\bin\\ruby.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"27014:TCP"= 27014:TCP:port-range 27014
"27015:TCP"= 27015:TCP:port-range 27015
"27016:TCP"= 27016:TCP:port-range 27016
"27017:TCP"= 27017:TCP:port-range 27017
"27018:TCP"= 27018:TCP:port-range 27018
"27019:TCP"= 27019:TCP:port-range 27019
"27020:TCP"= 27020:TCP:port-range 27020
"27021:TCP"= 27021:TCP:port-range 27021
"27022:TCP"= 27022:TCP:port-range 27022
"27023:TCP"= 27023:TCP:port-range 27023
"27024:TCP"= 27024:TCP:port-range 27024
"27025:TCP"= 27025:TCP:port-range 27025
"27026:TCP"= 27026:TCP:port-range 27026
"27027:TCP"= 27027:TCP:port-range 27027
"27028:TCP"= 27028:TCP:port-range 27028
"27029:TCP"= 27029:TCP:port-range 27029
"27030:TCP"= 27030:TCP:port-range 27030
"27031:TCP"= 27031:TCP:port-range 27031
"27032:TCP"= 27032:TCP:port-range 27032
"27033:TCP"= 27033:TCP:port-range 27033
"27034:TCP"= 27034:TCP:port-range 27034
"27035:TCP"= 27035:TCP:port-range 27035
"27036:TCP"= 27036:TCP:port-range 27036
"27037:TCP"= 27037:TCP:port-range 27037
"27038:TCP"= 27038:TCP:port-range 27038
"27039:TCP"= 27039:TCP:port-range 27039
"27040:TCP"= 27040:TCP:port-range 27040
"27041:TCP"= 27041:TCP:port-range 27041
"27042:TCP"= 27042:TCP:port-range 27042
"27043:TCP"= 27043:TCP:port-range 27043
"27044:TCP"= 27044:TCP:port-range 27044
"27045:TCP"= 27045:TCP:port-range 27045
"27046:TCP"= 27046:TCP:port-range 27046
"27047:TCP"= 27047:TCP:port-range 27047
"27048:TCP"= 27048:TCP:port-range 27048
"27049:TCP"= 27049:TCP:port-range 27049
"27050:TCP"= 27050:TCP:port-range 27050
"27014:UDP"= 27014:UDP:port-range 27014
"27015:UDP"= 27015:UDP:port-range 27015
"27016:UDP"= 27016:UDP:port-range 27016
"27017:UDP"= 27017:UDP:port-range 27017
"27018:UDP"= 27018:UDP:port-range 27018
"27019:UDP"= 27019:UDP:port-range 27019
"27020:UDP"= 27020:UDP:port-range 27020
"27021:UDP"= 27021:UDP:port-range 27021
"27022:UDP"= 27022:UDP:port-range 27022
"27023:UDP"= 27023:UDP:port-range 27023
"27024:UDP"= 27024:UDP:port-range 27024
"27025:UDP"= 27025:UDP:port-range 27025
"27026:UDP"= 27026:UDP:port-range 27026
"27027:UDP"= 27027:UDP:port-range 27027
"27028:UDP"= 27028:UDP:port-range 27028
"27029:UDP"= 27029:UDP:port-range 27029
"27030:UDP"= 27030:UDP:port-range 27030
"4380:UDP"= 4380:UDP:port-UDP 4380
"27000:UDP"= 27000:UDP:port-range 27000
"27001:UDP"= 27001:UDP:port-range 27001
"27002:UDP"= 27002:UDP:port-range 27002
"27003:UDP"= 27003:UDP:port-range 27003
"27004:UDP"= 27004:UDP:port-range 27004
"27005:UDP"= 27005:UDP:port-range 27005
"27006:UDP"= 27006:UDP:port-range 27006
"27007:UDP"= 27007:UDP:port-range 27007
"27008:UDP"= 27008:UDP:port-range 27008
"27009:UDP"= 27009:UDP:port-range 27009
"27010:UDP"= 27010:UDP:port-range 27010
"27011:UDP"= 27011:UDP:port-range 27011
"27012:UDP"= 27012:UDP:port-range 27012
"27013:UDP"= 27013:UDP:port-range 27013
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
2012-06-14 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1696)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Micro Niche Finder\bggoogle.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\GOOGLE\GMAIL NOTIFIER\GNOTIFY.EXE
.
**************************************************************************
.
Completion time: 2012-06-14 22:09:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 05:09
ComboFix2.txt 2012-06-10 21:00
.
Pre-Run: 40,879,992,832 bytes free
Post-Run: 40,661,991,424 bytes free
.
- - End Of File - - EECCCE0970BEF2940813EF266DEC1AFA
 
I noticed the following repeated in the Combofix log:

AV: G Data AntiVirus 2010 *Disabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}

G Data did not show up in "Add or Remove Programs", nor was it listed in Revo Uninstaller. I used G Data's AVCleaner 2012 tool when you initially directed me to uninstall one of the AV programs. I thought it removed all traces. All that I can find now of G Data are an empty Folder and some Registry entries.
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{71310606-6F3B-49F2-9A81-8315AA75FBB3}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27014:TCP"=-
"27015:TCP"=-
"27016:TCP"=-
"27017:TCP"=-
"27018:TCP"=-
"27019:TCP"=-
"27020:TCP"=-
"27021:TCP"=-
"27022:TCP"=-
"27023:TCP"=-
"27024:TCP"=-
"27025:TCP"=- 
"27026:TCP"=-
"27027:TCP"=-
"27028:TCP"=-
"27029:TCP"=-
"27030:TCP"=-
"27031:TCP"=-
"27032:TCP"=- 
"27033:TCP"=-
"27034:TCP"=-
"27035:TCP"=-
"27036:TCP"=-
"27037:TCP"=-
"27038:TCP"=-
"27039:TCP"=-
"27040:TCP"=-
"27041:TCP"=-
"27042:TCP"=-
"27043:TCP"=-
"27044:TCP"=-
"27045:TCP"=-
"27046:TCP"=-
"27047:TCP"=-
"27048:TCP"=-
"27049:TCP"=-
"27050:TCP"=-
"27014:UDP"=-
"27015:UDP"=-
"27016:UDP"=-
"27017:UDP"=-
"27018:UDP"=-
"27019:UDP"=-
"27020:UDP"=-
"27021:UDP"=-
"27022:UDP"=-
"27023:UDP"=-
"27024:UDP"=-
"27025:UDP"=-
"27026:UDP"=-
"27027:UDP"=-
"27028:UDP"=-
"27029:UDP"=-
"27030:UDP"=-
"4380:UDP"=-
"27000:UDP"=-
"27001:UDP"=-
"27002:UDP"=-
"27003:UDP"=-
"27004:UDP"=-
"27005:UDP"=-
"27006:UDP"=-
"27007:UDP"=-
"27008:UDP"=-
"27009:UDP"=-
"27010:UDP"=-
"27011:UDP"=-
"27012:UDP"=-
"27013:UDP"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix appeared to me to restart after the upgrade and I am unsure if it retained the CFScript.txt. Question was, do I need to restart Combofix again by dragging the CFScript.txt onto the CF icon?
 
ComboFix 12-06-15.03 - Gregory 06/15/2012 9:45.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1487 [GMT -7:00]
Running from: c:\documents and settings\Gregory\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gregory\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 05:30 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87010546-B2D6-4744-86CE-41D7D0F62DF7}\mpengine.dll
2012-06-15 05:06 . 2012-06-15 05:06 -------- d-----w- c:\program files\Dropbox
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 17:22 . 2012-06-13 17:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2011-06-30 09:23 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 21:00 . 2011-03-23 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 21:00 . 2008-06-10 10:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 22:56 . 2011-11-07 09:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 23:47 . 2011-03-22 17:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_11.06.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-13 17:23 . 2012-06-13 17:23 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-06-07 20:16 . 2012-06-07 20:16 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-06-13 17:23 . 2012-06-13 17:23 1648128 c:\windows\Installer\47580e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2009-04-08 131072]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 438544]
"Steam"="d:\program files\Steam\steam.exe" [2011-12-25 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-04 329096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2009-03-17 50536]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-11-22 359528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2011-10-08 203072]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
Install LastPass IE RunOnce.lnk - c:\windows\Temp\lpuninstall.exe [N/A]
.
c:\documents and settings\Gregory\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gregory\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-9-10 1122304]
Wallpaper Changer.lnk - c:\program files\WallpaperToy\Wallpapertoy.Exe [2010-4-8 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\Gregory\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\Notepad++\\notepad++.exe"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Stickies\\stickies.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.21\\bin\\httpd.exe"=
"c:\\wamp\\ruby\\bin\\ruby.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Program Files\\eclipse-php\\eclipse-php.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
R1 MpKsl33628768;MpKsl33628768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9B4D8E-DA25-478A-8CA2-81F11B87A4DC}\MpKsl33628768.sys [?]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [1/23/2010 10:50 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/23/2010 10:50 PM 91440]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys [3/3/2009 6:57 AM 8576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/10/2011 8:51 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 2:55 AM 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/3/2012 3:14 PM 2253120]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [8/31/2007 12:13 PM 384896]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 2:55 AM 22344]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [9/6/2011 5:24 PM 5632]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 3:11 PM 116016]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [2/3/2010 3:50 AM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 123rootrepeal;123rootrepeal;c:\windows\system32\drivers\123rootrepeal.sys [1/21/2010 10:01 AM 34816]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [1/21/2010 9:17 PM 15944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
S3 ruby-hello;ruby-hello;c:\wamp\ruby\bin\mongrel_service.exe [1/31/2012 1:37 PM 47616]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 104752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [1/23/2010 10:50 PM 82736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-11-11 23:22]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015Core.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1645522239-839522115-1015UA.job
- c:\documents and settings\Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-11 03:44]
.
2012-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2012-06-14 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
2012-06-15 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-03-17 03:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{2340376E-95A1-4AC8-B4C8-4381226E9DA3}: NameServer = 8.8.8.8,66.93.87.2,8.8.4.4,216.231.41.2
FF - ProfilePath - c:\documents and settings\Gregory\Application Data\Mozilla\Firefox\Profiles\rm88ypaz.bigG\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 09:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruby-hello]
"ImagePath"="\"C:/wamp/ruby/bin/mongrel_service.exe\" service single -e development -p 3001 -a 0.0.0.0 -l \"log/mongrel.log\" -P \"log/mongrel.pid\" -c \"c:/wamp/www/rails/hello\" -t 0 -r \"public\" -n 1024"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:74,63,79,64,0b,2b,41,2c,de,f0,c2,19,db,b6,b1,3c,be,2d,3b,ee,ed,
31,3d,bb,3a,4c,77,d1,77,d4,c2,ef,9d,99,52,64,9c,89,c2,15,83,2d,19,68,b8,a0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\documents and settings\Gregory\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\AutoSizer\AutoSizer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-06-15 10:00:14
ComboFix-quarantined-files.txt 2012-06-15 17:00
ComboFix2.txt 2012-06-15 16:29
ComboFix3.txt 2012-06-15 05:09
ComboFix4.txt 2012-06-10 21:00
.
Pre-Run: 40,650,416,128 bytes free
Post-Run: 40,628,314,112 bytes free
.
- - End Of File - - AB7ADD349FA66CD5F11084A80EA76F89
 
Looks good.

Is MBAM still complaining?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
12:25:10.0812 0396 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:25:11.0578 0396 ============================================================
12:25:11.0578 0396 Current date / time: 2012/06/15 12:25:11.0578
12:25:11.0578 0396 SystemInfo:
12:25:11.0578 0396
12:25:11.0578 0396 OS Version: 5.1.2600 ServicePack: 3.0
12:25:11.0578 0396 Product type: Workstation
12:25:11.0578 0396 ComputerName: EXPERIENCE
12:25:11.0578 0396 UserName: Gregory
12:25:11.0578 0396 Windows directory: C:\WINDOWS
12:25:11.0578 0396 System windows directory: C:\WINDOWS
12:25:11.0578 0396 Processor architecture: Intel x86
12:25:11.0578 0396 Number of processors: 2
12:25:11.0578 0396 Page size: 0x1000
12:25:11.0578 0396 Boot type: Normal boot
12:25:11.0578 0396 ============================================================
12:25:18.0890 0396 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:25:18.0953 0396 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:25:19.0046 0396 ============================================================
12:25:19.0046 0396 \Device\Harddisk0\DR0:
12:25:19.0062 0396 MBR partitions:
12:25:19.0062 0396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:25:19.0062 0396 \Device\Harddisk1\DR1:
12:25:19.0062 0396 MBR partitions:
12:25:19.0062 0396 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
12:25:19.0062 0396 ============================================================
12:25:24.0906 0396 C: <-> \Device\Harddisk0\DR0\Partition0
12:25:25.0109 0396 D: <-> \Device\Harddisk1\DR1\Partition0
12:25:25.0125 0396 ============================================================
12:25:25.0125 0396 Initialize success
12:25:25.0125 0396 ============================================================
12:28:19.0437 2340 ============================================================
12:28:19.0437 2340 Scan started
12:28:19.0437 2340 Mode: Manual;
12:28:19.0437 2340 ============================================================
12:28:20.0375 2340 123rootrepeal (60ac082b41e60906171335dfbf8c19c0) C:\WINDOWS\system32\drivers\123rootrepeal.sys
12:28:20.0390 2340 123rootrepeal - ok
12:28:20.0390 2340 Abiosdsk - ok
12:28:20.0390 2340 abp480n5 - ok
12:28:20.0453 2340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:28:20.0468 2340 ACPI - ok
12:28:20.0515 2340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:28:20.0515 2340 ACPIEC - ok
12:28:20.0703 2340 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
12:28:20.0703 2340 Adobe Version Cue CS3 - ok
12:28:20.0718 2340 adpu160m - ok
12:28:20.0765 2340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:28:20.0765 2340 aec - ok
12:28:20.0812 2340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:28:20.0828 2340 AFD - ok
12:28:20.0828 2340 Aha154x - ok
12:28:20.0828 2340 aic78u2 - ok
12:28:20.0843 2340 aic78xx - ok
12:28:21.0046 2340 ALCXWDM (e1b23e1463adcca8637532d6b170cc32) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:28:21.0187 2340 ALCXWDM - ok
12:28:21.0312 2340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:28:21.0312 2340 Alerter - ok
12:28:21.0359 2340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:28:21.0359 2340 ALG - ok
12:28:21.0375 2340 AliIde - ok
12:28:21.0375 2340 AmdAcpi - ok
12:28:21.0406 2340 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:28:21.0406 2340 AmdK8 - ok
12:28:21.0406 2340 amdtools - ok
12:28:21.0406 2340 amsint - ok
12:28:21.0453 2340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:28:21.0468 2340 AppMgmt - ok
12:28:21.0468 2340 asc - ok
12:28:21.0484 2340 asc3350p - ok
12:28:21.0484 2340 asc3550 - ok
12:28:21.0625 2340 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:28:21.0625 2340 aspnet_state - ok
12:28:21.0671 2340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:28:21.0671 2340 AsyncMac - ok
12:28:21.0687 2340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:28:21.0687 2340 atapi - ok
12:28:21.0687 2340 Atdisk - ok
12:28:21.0734 2340 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
12:28:21.0734 2340 ATITool - ok
12:28:21.0750 2340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:28:21.0750 2340 Atmarpc - ok
12:28:21.0765 2340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:28:21.0796 2340 AudioSrv - ok
12:28:21.0828 2340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:28:21.0828 2340 audstub - ok
12:28:21.0968 2340 Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
12:28:21.0968 2340 Autodesk Licensing Service - ok
12:28:22.0109 2340 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:28:22.0109 2340 BcmSqlStartupSvc - ok
12:28:22.0156 2340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:28:22.0156 2340 Beep - ok
12:28:22.0218 2340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:28:22.0515 2340 BITS - ok
12:28:22.0593 2340 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:28:22.0593 2340 Browser - ok
12:28:22.0656 2340 btaudio (acff0fd5ebb4711534766bfe9c4cc4cd) C:\WINDOWS\system32\drivers\btaudio.sys
12:28:22.0687 2340 btaudio - ok
12:28:22.0750 2340 BTDriver (fd7ec7c3aa4a9b1d066fd1e36bec54e4) C:\WINDOWS\system32\DRIVERS\btport.sys
12:28:22.0750 2340 BTDriver - ok
12:28:22.0781 2340 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:28:22.0781 2340 BthEnum - ok
12:28:22.0781 2340 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
12:28:22.0796 2340 BTHMODEM - ok
12:28:22.0812 2340 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:28:22.0812 2340 BthPan - ok
12:28:22.0843 2340 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
12:28:22.0859 2340 BTHPORT - ok
12:28:22.0906 2340 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
12:28:22.0906 2340 BthServ - ok
12:28:22.0953 2340 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:28:22.0953 2340 BTHUSB - ok
12:28:23.0046 2340 BTKRNL (fe1229036157344bb2789af6d9d9f6e1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:28:23.0062 2340 BTKRNL - ok
12:28:23.0109 2340 BTSERIAL (510161a915ac376f5d47516aa275c544) C:\WINDOWS\system32\drivers\btserial.sys
12:28:23.0109 2340 BTSERIAL - ok
12:28:23.0125 2340 BTSLBCSP (ef4808855e1180edb9627b6a7320e0fd) C:\WINDOWS\system32\drivers\btslbcsp.sys
12:28:23.0140 2340 BTSLBCSP - ok
12:28:23.0312 2340 btwdins (0f2cd70a636fcd7362f5dae96afdf17f) C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
12:28:23.0312 2340 btwdins - ok
12:28:23.0328 2340 BTWDNDIS (56a80e456145a8b1176933604cebcdac) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:28:23.0328 2340 BTWDNDIS - ok
12:28:23.0375 2340 BTWUSB (4aa507d8b72378732147986cf5ff9f76) C:\WINDOWS\system32\Drivers\btwusb.sys
12:28:23.0390 2340 BTWUSB - ok
12:28:23.0390 2340 catchme - ok
12:28:23.0437 2340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:28:23.0437 2340 cbidf2k - ok
12:28:23.0484 2340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:28:23.0484 2340 CCDECODE - ok
12:28:23.0500 2340 cd20xrnt - ok
12:28:23.0515 2340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:28:23.0515 2340 Cdaudio - ok
12:28:23.0515 2340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:28:23.0515 2340 Cdfs - ok
12:28:23.0578 2340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:28:23.0578 2340 Cdrom - ok
12:28:23.0578 2340 Changer - ok
12:28:23.0640 2340 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:28:23.0640 2340 CiSvc - ok
12:28:23.0687 2340 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:28:23.0687 2340 ClipSrv - ok
12:28:23.0781 2340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:28:23.0859 2340 clr_optimization_v2.0.50727_32 - ok
12:28:23.0937 2340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:28:24.0000 2340 clr_optimization_v4.0.30319_32 - ok
12:28:24.0015 2340 CmdIde - ok
12:28:24.0015 2340 COMSysApp - ok
12:28:24.0015 2340 Cpqarray - ok
12:28:24.0078 2340 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:28:24.0078 2340 CryptSvc - ok
12:28:24.0078 2340 dac2w2k - ok
12:28:24.0078 2340 dac960nt - ok
12:28:24.0156 2340 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:28:24.0156 2340 DcomLaunch - ok
12:28:24.0234 2340 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:28:24.0250 2340 Dhcp - ok
12:28:24.0296 2340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:28:24.0296 2340 Disk - ok
12:28:24.0296 2340 dmadmin - ok
12:28:24.0390 2340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:28:24.0421 2340 dmboot - ok
12:28:24.0437 2340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:28:24.0437 2340 dmio - ok
12:28:24.0453 2340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:28:24.0453 2340 dmload - ok
12:28:24.0484 2340 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:28:24.0484 2340 dmserver - ok
12:28:24.0500 2340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:28:24.0500 2340 DMusic - ok
12:28:24.0546 2340 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:28:24.0546 2340 Dnscache - ok
12:28:24.0609 2340 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:28:24.0609 2340 Dot3svc - ok
12:28:24.0609 2340 dpti2o - ok
12:28:24.0671 2340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:28:24.0671 2340 drmkaud - ok
12:28:24.0703 2340 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:28:24.0703 2340 EapHost - ok
12:28:24.0734 2340 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
12:28:24.0750 2340 ElbyCDIO - ok
12:28:24.0765 2340 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:28:24.0765 2340 ERSvc - ok
12:28:24.0812 2340 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:28:24.0843 2340 Eventlog - ok
12:28:24.0890 2340 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:28:24.0906 2340 EventSystem - ok
12:28:24.0953 2340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:28:24.0953 2340 Fastfat - ok
12:28:25.0015 2340 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:25.0078 2340 FastUserSwitchingCompatibility - ok
12:28:25.0125 2340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:28:25.0125 2340 Fdc - ok
12:28:25.0140 2340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:28:25.0140 2340 Fips - ok
12:28:25.0312 2340 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:28:25.0312 2340 FLEXnet Licensing Service - ok
12:28:25.0343 2340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:28:25.0343 2340 Flpydisk - ok
12:28:25.0343 2340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:28:25.0343 2340 FltMgr - ok
12:28:25.0468 2340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:28:25.0468 2340 FontCache3.0.0.0 - ok
12:28:25.0546 2340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:28:25.0546 2340 Fs_Rec - ok
12:28:25.0546 2340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:28:25.0562 2340 Ftdisk - ok
12:28:25.0578 2340 GearAspiWDM - ok
12:28:25.0609 2340 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:28:25.0609 2340 giveio - ok
12:28:25.0656 2340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:28:25.0671 2340 Gpc - ok
12:28:25.0703 2340 hcmon (88a6f2571405b3a4abc4ed2f52136317) C:\WINDOWS\system32\drivers\hcmon.sys
12:28:25.0703 2340 hcmon - ok
12:28:25.0781 2340 hcw18bda (e5b3eb916ef245075a243821ff7320d5) C:\WINDOWS\system32\drivers\hcw18bda.sys
12:28:25.0796 2340 hcw18bda - ok
12:28:25.0859 2340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:28:25.0859 2340 HDAudBus - ok
12:28:25.0875 2340 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:28:25.0875 2340 helpsvc - ok
12:28:25.0921 2340 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:28:25.0921 2340 HidServ - ok
12:28:25.0968 2340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:28:25.0968 2340 HidUsb - ok
12:28:26.0031 2340 hitmanpro35 (d7e05e0173719b66bb108f3d97e49a6a) C:\WINDOWS\system32\drivers\hitmanpro35.sys
12:28:26.0031 2340 hitmanpro35 - ok
12:28:26.0078 2340 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:28:26.0078 2340 hkmsvc - ok
12:28:26.0078 2340 hpn - ok
12:28:26.0125 2340 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:28:26.0125 2340 HPZid412 - ok
12:28:26.0140 2340 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:28:26.0140 2340 HPZipr12 - ok
12:28:26.0171 2340 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:28:26.0171 2340 HPZius12 - ok
12:28:26.0234 2340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:28:26.0250 2340 HTTP - ok
12:28:26.0296 2340 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:28:26.0328 2340 HTTPFilter - ok
12:28:26.0328 2340 i2omgmt - ok
12:28:26.0328 2340 i2omp - ok
12:28:26.0375 2340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:28:26.0375 2340 i8042prt - ok
12:28:26.0515 2340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:28:26.0578 2340 idsvc - ok
12:28:26.0625 2340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:26.0625 2340 Imapi - ok
12:28:26.0671 2340 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:28:26.0687 2340 ImapiService - ok
12:28:26.0687 2340 ini910u - ok
12:28:26.0703 2340 IntelIde - ok
12:28:26.0703 2340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:28:26.0703 2340 intelppm - ok
12:28:26.0734 2340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:28:26.0734 2340 Ip6Fw - ok
12:28:26.0781 2340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:26.0781 2340 IpFilterDriver - ok
12:28:26.0796 2340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:28:26.0796 2340 IpInIp - ok
12:28:26.0828 2340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:26.0843 2340 IpNat - ok
12:28:26.0843 2340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:26.0843 2340 IPSec - ok
12:28:26.0875 2340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:26.0875 2340 IRENUM - ok
12:28:26.0906 2340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:26.0906 2340 isapnp - ok
12:28:27.0093 2340 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:28:27.0093 2340 JavaQuickStarterService - ok
12:28:27.0109 2340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:27.0109 2340 Kbdclass - ok
12:28:27.0156 2340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:28:27.0156 2340 kbdhid - ok
12:28:27.0171 2340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:28:27.0171 2340 kmixer - ok
12:28:27.0203 2340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:27.0203 2340 KSecDD - ok
12:28:27.0250 2340 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
12:28:27.0250 2340 L8042Kbd - ok
12:28:27.0312 2340 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:28:27.0328 2340 LanmanServer - ok
12:28:27.0375 2340 LanmanWorkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:28:27.0421 2340 LanmanWorkstation - ok
12:28:27.0468 2340 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
12:28:27.0468 2340 LBeepKE - ok
12:28:27.0484 2340 lbrtfdc - ok
12:28:27.0578 2340 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:28:27.0593 2340 LBTServ - ok
12:28:27.0671 2340 LEqdUsb (eee5a87ec378c9ad7ce91073fbd63465) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
12:28:27.0671 2340 LEqdUsb - ok
12:28:27.0687 2340 LHidEqd (62663b385087f5977d8ebd1fdc67b639) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
12:28:27.0687 2340 LHidEqd - ok
12:28:27.0718 2340 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:28:27.0718 2340 LHidFilt - ok
12:28:27.0812 2340 LightScribeService (9dbafd6106ee59d548aa1b0c144799ef) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:28:27.0812 2340 LightScribeService - ok
12:28:27.0859 2340 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:28:27.0859 2340 LmHosts - ok
12:28:27.0875 2340 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:28:27.0875 2340 LMouFilt - ok
12:28:27.0890 2340 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
12:28:27.0890 2340 LUsbFilt - ok
12:28:27.0937 2340 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
12:28:27.0937 2340 MBAMProtector - ok
12:28:28.0046 2340 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:28:28.0062 2340 MBAMService - ok
12:28:28.0109 2340 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
12:28:28.0109 2340 mcdbus - ok
12:28:28.0187 2340 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:28:28.0187 2340 MDM - ok
12:28:28.0234 2340 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:28:28.0234 2340 Messenger - ok
12:28:28.0281 2340 mi-raysat_3dsmax9_32 (aa0c4a2c33ce075df2c272d678734991) C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
12:28:28.0281 2340 mi-raysat_3dsmax9_32 - ok
12:28:28.0406 2340 Micro Niche Finder Background Download Service (4635935fc972c582632bf45c26bfcb0e) C:\Program Files\Micro Niche Finder\srvany.exe
12:28:28.0406 2340 Micro Niche Finder Background Download Service - ok
12:28:28.0437 2340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:28.0453 2340 mnmdd - ok
12:28:28.0500 2340 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:28:28.0500 2340 mnmsrvc - ok
12:28:28.0578 2340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:28:28.0578 2340 Modem - ok
12:28:28.0640 2340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:28.0640 2340 Mouclass - ok
12:28:28.0640 2340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:28.0656 2340 mouhid - ok
12:28:28.0671 2340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:28.0671 2340 MountMgr - ok
12:28:28.0703 2340 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:28:28.0703 2340 MPE - ok
12:28:28.0734 2340 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:28:28.0734 2340 MpFilter - ok
12:28:28.0750 2340 mraid35x - ok
12:28:28.0781 2340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:28.0796 2340 MRxDAV - ok
12:28:28.0859 2340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:28.0890 2340 MRxSmb - ok
12:28:28.0921 2340 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:28:28.0937 2340 MSDTC - ok
12:28:28.0968 2340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:28:28.0968 2340 Msfs - ok
12:28:28.0968 2340 MSIServer - ok
12:28:29.0000 2340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:28:29.0000 2340 MSKSSRV - ok
12:28:29.0125 2340 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:28:29.0125 2340 MsMpSvc - ok
12:28:29.0140 2340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:28:29.0140 2340 MSPCLOCK - ok
12:28:29.0140 2340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:28:29.0140 2340 MSPQM - ok
12:28:29.0156 2340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:28:29.0156 2340 mssmbios - ok
12:28:29.0281 2340 MSSQL$MSSMLBIZ - ok
12:28:29.0312 2340 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:28:29.0312 2340 MSSQLServerADHelper - ok
12:28:29.0328 2340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:28:29.0328 2340 MSTEE - ok
12:28:29.0390 2340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:28:29.0406 2340 Mup - ok
12:28:29.0437 2340 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
12:28:29.0437 2340 n558 - ok
12:28:29.0468 2340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:28:29.0468 2340 NABTSFEC - ok
12:28:29.0515 2340 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:28:29.0531 2340 napagent - ok
12:28:29.0578 2340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:28:29.0593 2340 NDIS - ok
12:28:29.0625 2340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:28:29.0625 2340 NdisIP - ok
12:28:29.0656 2340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:28:29.0656 2340 NdisTapi - ok
12:28:29.0671 2340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:28:29.0671 2340 Ndisuio - ok
12:28:29.0687 2340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:28:29.0687 2340 NdisWan - ok
12:28:29.0734 2340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:28:29.0750 2340 NDProxy - ok
12:28:29.0750 2340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:28:29.0750 2340 NetBIOS - ok
12:28:29.0765 2340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:28:29.0781 2340 NetBT - ok
12:28:29.0828 2340 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:29.0828 2340 NetDDE - ok
12:28:29.0828 2340 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:29.0828 2340 NetDDEdsdm - ok
12:28:29.0843 2340 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:29.0843 2340 Netlogon - ok
12:28:29.0859 2340 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:28:29.0875 2340 Netman - ok
12:28:30.0015 2340 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:28:30.0046 2340 NetTcpPortSharing - ok
12:28:30.0109 2340 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:28:30.0109 2340 Nla - ok
12:28:30.0203 2340 nosGetPlusHelper (ef7a048fe8e3f102c78c9bd7c448bb6c) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
12:28:30.0203 2340 nosGetPlusHelper - ok
12:28:30.0265 2340 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
12:28:30.0265 2340 NPF - ok
12:28:30.0328 2340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:28:30.0328 2340 Npfs - ok
12:28:30.0359 2340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:28:30.0375 2340 Ntfs - ok
12:28:30.0437 2340 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:30.0437 2340 NtLmSsp - ok
12:28:30.0484 2340 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:28:30.0515 2340 NtmsSvc - ok
12:28:30.0546 2340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:28:30.0546 2340 Null - ok
12:28:31.0125 2340 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:28:31.0578 2340 nv - ok
12:28:31.0703 2340 NVENETFD (0258d664f93b4b01ddd621b8c084f322) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:28:31.0718 2340 NVENETFD - ok
12:28:31.0765 2340 nvnetbus (56ec9207906435ef1bf02f5c68e3ffec) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:28:31.0765 2340 nvnetbus - ok
12:28:31.0765 2340 nvport - ok
12:28:31.0828 2340 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
12:28:31.0828 2340 NVSvc - ok
12:28:32.0125 2340 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:28:32.0203 2340 nvUpdatusService - ok
12:28:32.0296 2340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:28:32.0296 2340 NwlnkFlt - ok
12:28:32.0312 2340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:28:32.0328 2340 NwlnkFwd - ok
12:28:32.0437 2340 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:28:32.0453 2340 odserv - ok
12:28:32.0515 2340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:28:32.0531 2340 ose - ok
12:28:32.0609 2340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:28:32.0609 2340 Parport - ok
12:28:32.0609 2340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:28:32.0609 2340 PartMgr - ok
12:28:32.0671 2340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:28:32.0671 2340 ParVdm - ok
12:28:32.0703 2340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:28:32.0703 2340 PCI - ok
12:28:32.0703 2340 PCIDump - ok
12:28:32.0750 2340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:28:32.0750 2340 PCIIde - ok
12:28:32.0781 2340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:28:32.0781 2340 Pcmcia - ok
12:28:32.0781 2340 PDCOMP - ok
12:28:32.0796 2340 PDFRAME - ok
12:28:32.0796 2340 PDRELI - ok
12:28:32.0796 2340 PDRFRAME - ok
12:28:32.0812 2340 perc2 - ok
12:28:32.0812 2340 perc2hib - ok
12:28:32.0859 2340 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
12:28:32.0859 2340 pfc - ok
12:28:32.0906 2340 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:28:32.0906 2340 PlugPlay - ok
12:28:32.0968 2340 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
12:28:32.0968 2340 Pml Driver HPZ12 - ok
12:28:33.0015 2340 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:33.0015 2340 PolicyAgent - ok
12:28:33.0031 2340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:28:33.0031 2340 PptpMiniport - ok
12:28:33.0046 2340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:28:33.0046 2340 Processor - ok
12:28:33.0046 2340 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:33.0046 2340 ProtectedStorage - ok
12:28:33.0062 2340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:28:33.0062 2340 PSched - ok
12:28:33.0078 2340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:28:33.0078 2340 Ptilink - ok
12:28:33.0093 2340 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:28:33.0109 2340 PxHelp20 - ok
12:28:33.0109 2340 ql1080 - ok
12:28:33.0109 2340 Ql10wnt - ok
12:28:33.0109 2340 ql12160 - ok
12:28:33.0125 2340 ql1240 - ok
12:28:33.0125 2340 ql1280 - ok
12:28:33.0156 2340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:28:33.0156 2340 RasAcd - ok
12:28:33.0187 2340 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:28:33.0187 2340 RasAuto - ok
12:28:33.0234 2340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:28:33.0234 2340 Rasl2tp - ok
12:28:33.0296 2340 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:28:33.0312 2340 RasMan - ok
12:28:33.0312 2340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:28:33.0312 2340 RasPppoe - ok
12:28:33.0328 2340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:28:33.0328 2340 Raspti - ok
12:28:33.0343 2340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:28:33.0359 2340 Rdbss - ok
12:28:33.0375 2340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:28:33.0375 2340 RDPCDD - ok
12:28:33.0421 2340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:28:33.0437 2340 rdpdr - ok
12:28:33.0484 2340 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:28:33.0500 2340 RDPWD - ok
12:28:33.0515 2340 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:28:33.0531 2340 RDSessMgr - ok
12:28:33.0546 2340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:28:33.0546 2340 redbook - ok
12:28:33.0609 2340 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:28:33.0609 2340 RemoteAccess - ok
12:28:33.0640 2340 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:28:33.0640 2340 RemoteRegistry - ok
12:28:33.0687 2340 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:28:33.0703 2340 RFCOMM - ok
12:28:33.0812 2340 RivaTuner32 (4e3d4152095a623303cc5ca74a6f1ac2) C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner32.sys
12:28:33.0812 2340 RivaTuner32 - ok
12:28:33.0843 2340 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
12:28:33.0843 2340 rpcapd - ok
12:28:33.0875 2340 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:28:33.0875 2340 RpcLocator - ok
12:28:33.0921 2340 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:28:33.0937 2340 RpcSs - ok
12:28:33.0984 2340 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:28:34.0000 2340 RSVP - ok
12:28:34.0046 2340 RTCore32 (293a2a421fd8d064803d22a252b2de97) C:\Program Files\EVGA Precision\RTCore32.sys
12:28:34.0046 2340 RTCore32 - ok
12:28:34.0203 2340 ruby-hello (0d1110a73c586f71b6e493b81de5d1c3) C:/wamp/ruby/bin/mongrel_service.exe
12:28:34.0203 2340 ruby-hello - ok
12:28:34.0265 2340 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:34.0281 2340 SamSs - ok
12:28:34.0359 2340 SbieDrv (1a62c808cda47b11005b77ee15e40483) C:\Program Files\Sandboxie\SbieDrv.sys
12:28:34.0375 2340 SbieDrv - ok
12:28:34.0421 2340 SbieSvc (bbc0a1a0ba299c595305316952b94d46) C:\Program Files\Sandboxie\SbieSvc.exe
12:28:34.0421 2340 SbieSvc - ok
12:28:34.0468 2340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:28:34.0468 2340 SCardSvr - ok
12:28:34.0515 2340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:28:34.0531 2340 Schedule - ok
12:28:34.0593 2340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:28:34.0593 2340 Secdrv - ok
12:28:34.0640 2340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:28:34.0640 2340 seclogon - ok
12:28:34.0656 2340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:28:34.0656 2340 SENS - ok
12:28:34.0656 2340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:28:34.0671 2340 serenum - ok
12:28:34.0671 2340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:28:34.0671 2340 Serial - ok
12:28:34.0687 2340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:28:34.0687 2340 Sfloppy - ok
12:28:34.0718 2340 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:28:34.0734 2340 SharedAccess - ok
12:28:34.0781 2340 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:34.0781 2340 ShellHWDetection - ok
12:28:34.0781 2340 Simbad - ok
12:28:34.0875 2340 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
12:28:34.0875 2340 SkypeUpdate - ok
12:28:34.0890 2340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:28:34.0890 2340 SLIP - ok
12:28:34.0906 2340 Sparrow - ok
12:28:34.0937 2340 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
12:28:34.0937 2340 speedfan - ok
12:28:34.0953 2340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:28:34.0953 2340 splitter - ok
12:28:35.0000 2340 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:28:35.0015 2340 Spooler - ok
12:28:35.0109 2340 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:28:35.0125 2340 SQLBrowser - ok
12:28:35.0140 2340 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:28:35.0140 2340 SQLWriter - ok
12:28:35.0156 2340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:28:35.0156 2340 sr - ok
12:28:35.0187 2340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:28:35.0187 2340 srservice - ok
12:28:35.0250 2340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:28:35.0250 2340 Srv - ok
12:28:35.0312 2340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:28:35.0312 2340 SSDPSRV - ok
12:28:35.0359 2340 Steam Client Service - ok
12:28:35.0437 2340 STHDA (f420a4f17a0852e58627f18468c3fec5) C:\WINDOWS\system32\drivers\sthda.sys
12:28:35.0453 2340 STHDA - ok
12:28:35.0593 2340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:28:35.0609 2340 stisvc - ok
12:28:35.0656 2340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:28:35.0656 2340 streamip - ok
12:28:35.0687 2340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:28:35.0687 2340 swenum - ok
12:28:35.0687 2340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:28:35.0703 2340 swmidi - ok
12:28:35.0703 2340 SwPrv - ok
12:28:35.0703 2340 symc810 - ok
12:28:35.0718 2340 symc8xx - ok
12:28:35.0718 2340 sym_hi - ok
12:28:35.0718 2340 sym_u3 - ok
12:28:35.0734 2340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:28:35.0734 2340 sysaudio - ok
12:28:35.0796 2340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:28:35.0796 2340 SysmonLog - ok
12:28:35.0828 2340 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:28:35.0843 2340 TapiSrv - ok
12:28:35.0906 2340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:35.0937 2340 Tcpip - ok
12:28:35.0953 2340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:35.0953 2340 TDPIPE - ok
12:28:35.0984 2340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:35.0984 2340 TDTCP - ok
12:28:36.0000 2340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:36.0000 2340 TermDD - ok
12:28:36.0031 2340 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:28:36.0031 2340 TermService - ok
12:28:36.0093 2340 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:36.0093 2340 Themes - ok
12:28:36.0140 2340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:28:36.0140 2340 TlntSvr - ok
12:28:36.0140 2340 TosIde - ok
12:28:36.0187 2340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:28:36.0187 2340 TrkWks - ok
12:28:36.0250 2340 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
12:28:36.0250 2340 truecrypt - ok
12:28:36.0265 2340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:28:36.0265 2340 Udfs - ok
12:28:36.0281 2340 ultra - ok
12:28:36.0312 2340 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
12:28:36.0312 2340 UMWdf - ok
12:28:36.0343 2340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:28:36.0359 2340 Update - ok
12:28:36.0406 2340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:28:36.0421 2340 upnphost - ok
12:28:36.0437 2340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:28:36.0437 2340 UPS - ok
12:28:36.0437 2340 USBAAPL - ok
12:28:36.0468 2340 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:28:36.0468 2340 usbaudio - ok
12:28:36.0484 2340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:36.0484 2340 usbccgp - ok
12:28:36.0484 2340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:36.0484 2340 usbehci - ok
12:28:36.0500 2340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:36.0500 2340 usbhub - ok
12:28:36.0515 2340 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:28:36.0515 2340 usbohci - ok
12:28:36.0562 2340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:28:36.0562 2340 usbprint - ok
12:28:36.0609 2340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:28:36.0609 2340 usbscan - ok
12:28:36.0640 2340 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:28:36.0640 2340 usbser - ok
12:28:36.0656 2340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:36.0656 2340 USBSTOR - ok
12:28:36.0703 2340 VBoxDrv (103b23ec82c08fc4bdbc369552ffab2a) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
12:28:36.0703 2340 VBoxDrv - ok
12:28:36.0750 2340 VBoxNetAdp (226cd9e42be28a84ec56430fbb57224f) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
12:28:36.0765 2340 VBoxNetAdp - ok
12:28:36.0812 2340 VBoxNetFlt (0a5d6512dcb14135a388d0e7e69e01bb) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
12:28:36.0812 2340 VBoxNetFlt - ok
12:28:36.0859 2340 VBoxUSB (b441887112246d607b9af4267aa60303) C:\WINDOWS\system32\Drivers\VBoxUSB.sys
12:28:36.0859 2340 VBoxUSB - ok
12:28:36.0906 2340 VBoxUSBMon (96a478edfb1fbf1fc663beb09b4175a8) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
12:28:36.0906 2340 VBoxUSBMon - ok
12:28:36.0984 2340 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\installers\winxpvirtualcdcontrolpanel_21\VCdRom.sys
12:28:36.0984 2340 vcdrom - ok
12:28:37.0015 2340 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
12:28:37.0015 2340 VClone - ok
12:28:37.0015 2340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:28:37.0015 2340 VgaSave - ok
12:28:37.0015 2340 ViaIde - ok
12:28:37.0156 2340 VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files\VMware\VMware Player\vmware-authd.exe
12:28:37.0156 2340 VMAuthdService - ok
12:28:37.0171 2340 vmci (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
12:28:37.0187 2340 vmci - ok
12:28:37.0234 2340 vmkbd (e5fa574436b840d071dbfe74300741ce) C:\WINDOWS\system32\drivers\VMkbd.sys
12:28:37.0234 2340 vmkbd - ok
12:28:37.0281 2340 VMnetAdapter (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
12:28:37.0281 2340 VMnetAdapter - ok
12:28:37.0296 2340 VMnetBridge (6b8f26d54b2ee0da1543f08db3a01c8b) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
12:28:37.0296 2340 VMnetBridge - ok
12:28:37.0359 2340 VMnetDHCP (6f5fe74a4713290e6309b45904403798) C:\WINDOWS\system32\vmnetdhcp.exe
12:28:37.0359 2340 VMnetDHCP - ok
12:28:37.0375 2340 VMnetuserif (c88e5f414c567ff10343df18f8c3e3f0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
12:28:37.0375 2340 VMnetuserif - ok
12:28:37.0390 2340 VMparport (cda57c86108ac6e11273f8cbd2ae83fc) C:\WINDOWS\system32\Drivers\VMparport.sys
12:28:37.0390 2340 VMparport - ok
12:28:37.0437 2340 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
12:28:37.0437 2340 vmusb - ok
12:28:37.0531 2340 VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
12:28:37.0546 2340 VMUSBArbService - ok
12:28:37.0609 2340 VMware NAT Service (5cc206036b6648cd3990d77e5117e1d9) C:\WINDOWS\system32\vmnat.exe
12:28:37.0609 2340 VMware NAT Service - ok
12:28:37.0703 2340 vmx86 (847909a1fc0c8eb46ff975747d673a7f) C:\WINDOWS\system32\Drivers\vmx86.sys
12:28:37.0703 2340 vmx86 - ok
12:28:37.0750 2340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:37.0750 2340 VolSnap - ok
12:28:37.0796 2340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:28:37.0828 2340 VSS - ok
12:28:37.0875 2340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:28:37.0890 2340 W32Time - ok
12:28:38.0031 2340 wampapache (f41e453a90ef19217cee1675f5256ee7) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
12:28:38.0031 2340 wampapache - ok
12:28:38.0062 2340 wampmysqld - ok
12:28:38.0109 2340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:38.0109 2340 Wanarp - ok
12:28:38.0187 2340 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:28:38.0187 2340 Wdf01000 - ok
12:28:38.0187 2340 WDICA - ok
12:28:38.0250 2340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:38.0250 2340 wdmaud - ok
12:28:38.0296 2340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:28:38.0296 2340 WebClient - ok
12:28:38.0390 2340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:28:38.0406 2340 winmgmt - ok
12:28:38.0453 2340 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
12:28:38.0453 2340 WmdmPmSN - ok
12:28:38.0531 2340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:28:38.0531 2340 Wmi - ok
12:28:38.0578 2340 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:28:38.0578 2340 WmiAcpi - ok
12:28:38.0625 2340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:28:38.0671 2340 WmiApSrv - ok
12:28:38.0843 2340 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:28:38.0875 2340 WPFFontCache_v0400 - ok
12:28:38.0968 2340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:28:38.0968 2340 WS2IFSL - ok
12:28:39.0015 2340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:28:39.0046 2340 wscsvc - ok
12:28:39.0062 2340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:28:39.0062 2340 WSTCODEC - ok
12:28:39.0093 2340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:28:39.0140 2340 wuauserv - ok
12:28:39.0187 2340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:28:39.0203 2340 WZCSVC - ok
12:28:39.0250 2340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:28:39.0296 2340 xmlprov - ok
12:28:39.0328 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:28:39.0828 2340 \Device\Harddisk0\DR0 - ok
12:28:39.0828 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:28:39.0828 2340 \Device\Harddisk1\DR1 - ok
12:28:39.0828 2340 Boot (0x1200) (a5a91f573ade27f7cff0b880090ea36c) \Device\Harddisk0\DR0\Partition0
12:28:39.0828 2340 \Device\Harddisk0\DR0\Partition0 - ok
12:28:39.0828 2340 Boot (0x1200) (4654c4f00c27b7b34d3cd0794304e423) \Device\Harddisk1\DR1\Partition0
12:28:39.0843 2340 \Device\Harddisk1\DR1\Partition0 - ok
12:28:39.0843 2340 ============================================================
12:28:39.0843 2340 Scan finished
12:28:39.0843 2340 ============================================================
12:28:39.0843 1824 Detected object count: 0
12:28:39.0843 1824 Actual detected object count: 0
 