Author Topic: Comodo detected:Heur.suspicious@1.

Painted Pony

    • Experience: Familiar
    • OS: Windows 7
    « on: November 12, 2012, 10:29:14 AM »

    I hope I've done this right:

    # AdwCleaner v2.007 - Logfile created 11/11/2012 at 14:29:46
    # Updated 06/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : Sharon - SHARON-RAS
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Sharon\My Documents\Downloads\adwcleaner(1).exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\PIP
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Found : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Sharon\Application Data\Mozilla\Firefox\Profiles\nr5aa0az.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [970 octets] - [11/11/2012 14:29:46]

    ########## EOF - C:\AdwCleaner[R1].txt - [1029 octets] ##########

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.11.03

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Sharon :: SHARON-RAS [administrator]

    11/11/2012 8:05:35 AM
    mbam-log-2012-11-11 (08-05-35).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 290634
    Time elapsed: 41 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
    Run by Sharon at 14:33:11 on 2012-11-11
    Microsoft Windows XP Professional  5.1.2600.2.1252.2.1033.18.2002.1280 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sharon\My Documents\Downloads\adwcleaner(1).exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ca.yahoo.com?fr=fp-comodo
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    StartupFolder: c:\docume~1\sharon\startm~1\programs\startup\logitech . product registration.lnk - c:\program files\logitech\ereg\eReg.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    TCP: NameServer = 75.153.176.9 75.153.176.1
    TCP: Interfaces\{AF0E9A00-A6EC-4080-B503-6C25AB9F6F58} : DHCPNameServer = 75.153.176.9 75.153.176.1
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} -
    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} -
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages =  msv1_0 nwprovau
    mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\wmactedp.inf,PerUserStub
    Hosts: 127.0.0.1   www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sharon\application data\mozilla\firefox\profiles\nr5aa0az.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com?fr=fp-comodo
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=ytff-comodo&p=
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - ExtSQL: 2012-10-27 11:45; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - ExtSQL: 2012-11-04 12:34; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\documents and settings\sharon\application data\mozilla\firefox\profiles\nr5aa0az.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    FF - ExtSQL: 2012-11-04 12:39; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\sharon\application data\mozilla\firefox\profiles\nr5aa0az.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - ExtSQL: 2012-11-04 12:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\sharon\application data\mozilla\firefox\profiles\nr5aa0az.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-7 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 497952]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 32640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-7 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-12 66616]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1990464]
    R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-5-19 624856]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-2-26 36608]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" %*
    ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
    ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
    ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2012-11-11 21:00:35   --------   d-----w-   c:\documents and settings\sharon\local settings\application data\Logitech® Webcam Software
    2012-11-11 20:57:09   53248   ----a-r-   c:\documents and settings\sharon\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2012-11-02 22:25:59   --------   d-----w-   c:\windows\system32\wbem\repository\FS
    2012-11-02 22:25:59   --------   d-----w-   c:\windows\system32\wbem\Repository
    2012-10-27 00:50:53   --------   d-----w-   C:\JRT
    2012-10-25 11:12:26   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 11:12:26   69632   ----a-w-   c:\windows\system32\QuickTime.qts
    2012-10-22 22:03:03   --------   d-----w-   c:\program files\CCleaner
    .
    ==================== Find3M  ====================
    .
    2012-11-07 23:38:16   32640   -c--a-w-   c:\windows\system32\drivers\cmdhlp.sys
    2012-11-07 23:38:14   497952   -c--a-w-   c:\windows\system32\drivers\cmdGuard.sys
    2012-11-07 23:38:13   18096   -c--a-w-   c:\windows\system32\drivers\cmderd.sys
    2012-11-07 23:37:35   34024   -c--a-w-   c:\windows\system32\cmdcsr.dll
    2012-11-07 23:37:34   301264   ----a-w-   c:\windows\system32\guard32.dll
    2012-09-30 02:54:26   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-09-21 19:09:06   542568   ----a-w-   c:\windows\system32\LVUI2.dll
    2012-09-21 19:09:06   538472   ----a-w-   c:\windows\system32\LVUI2RC.dll
    2012-09-21 19:09:06   4261224   ----a-w-   c:\windows\system32\drivers\lvuvc.sys
    2012-09-21 19:09:00   310504   ----a-w-   c:\windows\system32\drivers\lvrs.sys
    2012-09-21 19:09:00   305000   ----a-w-   c:\windows\system32\lvcodec2.dll
    2012-09-21 19:09:00   198504   ----a-w-   c:\windows\system32\lvci1351823.dll
    2012-09-21 19:08:36   338136   ----a-w-   c:\windows\system32\DevManagerCore.dll
    2012-09-21 19:08:36   10919784   ----a-w-   c:\windows\system32\LogiDPP.dll
    2012-09-21 19:08:36   103272   ----a-w-   c:\windows\system32\LogiDPPApp.exe
    2012-09-21 18:48:58   40758   ----a-w-   c:\windows\system32\Repository.reg
    2012-08-22 21:23:49   73416   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-22 21:23:49   696520   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-08-21 20:01:22   26840   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01:22   106928   ----a-w-   c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 14:34:02.28 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/04/2008 1:43:34 PM
    System Uptime: 11/11/2012 7:57:06 AM (7 hours ago)
    .
    Motherboard: Hewlett-Packard |  | 0AA8h
    Processor: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz | XU1 PROCESSOR | 2327/1333mhz
    Processor: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz | XU1 PROCESSOR | 2327/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 60.727 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&16E8443F&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&16E8443F&0
    Service: i8042prt
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&16E8443F&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&16E8443F&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP1252: 29/10/2012 10:44:56 AM - System Checkpoint
    RP1253: 30/10/2012 7:26:03 PM - System Checkpoint
    RP1254: 31/10/2012 7:31:58 PM - System Checkpoint
    RP1255: 02/11/2012 12:20:40 AM - System Checkpoint
    RP1256: 02/11/2012 3:24:13 PM - Restore Operation
    RP1257: 03/11/2012 5:44:55 PM - System Checkpoint
    RP1258: 04/11/2012 4:50:28 PM - System Checkpoint
    RP1259: 05/11/2012 5:11:22 PM - System Checkpoint
    RP1260: 06/11/2012 5:14:20 PM - System Checkpoint
    RP1261: 07/11/2012 5:47:16 PM - System Checkpoint
    RP1262: 08/11/2012 6:21:45 PM - System Checkpoint
    RP1263: 09/11/2012 6:25:45 PM - System Checkpoint
    RP1264: 11/11/2012 8:27:13 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    CameraHelperMsi
    CCleaner
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    erLT
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    iTunes
    LG Bluetooth Drivers
    LG United Mobile Drivers
    LG USB Modem Drivers
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4SP2
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Pandora Service
    PDF-Viewer
    QuickTime
    Safari
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Skype™ 5.0
    Soap 3.0 Toolkit
    SpywareBlaster 4.6
    SUPERAntiSpyware
    TBS WMP Plug-in
    TELUS eProtect Advisor 1.5.12
    TELUS Wireless Connection Manager
    The KMPlayer (remove only)
    UFile 2011
    Uninstall 1.0.0.1
    Uninstall LG PC Suite III
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB925877)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Multilingual User Interface (MUI)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Messenger 5.1
    Windows Presentation Foundation
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    XML Paper Specification Shared Components Pack 1.0
    XnView 1.97.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/11/2012 2:33:45 PM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.
    08/11/2012 9:36:25 AM, error: Dhcp [1002]  - The IP address lease 207.6.209.204 for the Network Card with network address 001E0BA221B9 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    06/11/2012 9:12:22 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
    06/11/2012 9:12:22 AM, error: Service Control Manager [7022]  - The PandoraService service hung on starting.
    06/11/2012 9:10:47 AM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The system cannot find the path specified.
    04/11/2012 12:46:34 PM, error: Dhcp [1002]  - The IP address lease 207.6.210.171 for the Network Card with network address 001E0BA221B9 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Comodo detected:Heur.suspicious@1.
    « Reply #1 on: November 12, 2012, 10:34:35 AM »
    Hi there!

    ComboFix scan
     
    Please download ComboFix by sUBs
    From BleepingComputer.com
     
    Please save the file to your Desktop.
     
    Important information about ComboFix
     

    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix
     
    Safe Mode:
     
    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.
     
    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")
     
    Re-downloading:
     
    If this doesn't work either, try the same method as above, but download it again, this time naming
    ComboFix.exe as iexplore.exe, explorer.exe, or winlogon.exe.
     
    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
    ~Dr Jay

    Painted Pony

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Comodo detected:Heur.suspicious@1.
      « Reply #2 on: November 12, 2012, 12:22:12 PM »
      ComboFix 12-11-12.03 - Sharon 12/11/2012  11:12:36.1.2 - x86
      Microsoft Windows XP Professional  5.1.2600.2.1252.2.1033.18.2002.1146 [GMT -8:00]
      Running from: c:\documents and settings\Sharon\My Documents\Downloads\ComboFix.exe
      AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
      FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\TEMP
      c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
      c:\documents and settings\Sharon\WINDOWS
      c:\windows\system32\MUI\040C\tourstart.exe
      c:\windows\system32\service
      c:\windows\system32\service\02102010_TIS17_SfFniAU.log
      c:\windows\system32\service\04062010_TIS17_SfFniAU.log
      c:\windows\system32\service\04092010_TIS17_SfFniAU.log
      c:\windows\system32\service\04122010_TIS17_SfFniAU.log
      c:\windows\system32\service\05022011_TIS17_SfFniAU.log
      c:\windows\system32\service\05102010_TIS17_SfFniAU.log
      c:\windows\system32\service\05112009_TIS17_SfFniAU.log
      c:\windows\system32\service\09042010_TIS17_SfFniAU.log
      c:\windows\system32\service\09092010_TIS17_SfFniAU.log
      c:\windows\system32\service\10112010_TIS17_SfFniAU.log
      c:\windows\system32\service\11112009_TIS17_SfFniAU.log
      c:\windows\system32\service\18092010_TIS17_SfFniAU.log
      c:\windows\system32\service\19092009_TIS17_SfFniAU.log
      c:\windows\system32\service\21092010_TIS17_SfFniAU.log
      c:\windows\system32\service\25022009_TIS17_SfFniAU.log
      c:\windows\system32\service\29092009_TIS17_SfFniAU.log
      c:\windows\system32\service\29122010_TIS17_SfFniAU.log
      c:\windows\system32\service\30112010_TIS17_SfFniAU.log
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\fusion.dll
      c:\windows\system32\URTTemp\mscoree.dll
      c:\windows\system32\URTTemp\mscoree.dll.local
      c:\windows\system32\URTTemp\mscorsn.dll
      c:\windows\system32\URTTemp\mscorwks.dll
      c:\windows\system32\URTTemp\msvcr71.dll
      c:\windows\system32\URTTemp\regtlib.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-10-12 to 2012-11-12  )))))))))))))))))))))))))))))))
      .
      .
      2012-11-11 21:00 . 2012-11-11 21:00   --------   d-----w-   c:\documents and settings\Sharon\Local Settings\Application Data\Logitech® Webcam Software
      2012-11-11 20:57 . 2012-11-11 20:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
      2012-11-11 20:57 . 2012-11-11 20:57   --------   d-----w-   c:\documents and settings\Sharon\Application Data\Leadertech
      2012-11-11 20:57 . 2012-11-11 20:57   53248   ----a-r-   c:\documents and settings\Sharon\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
      2012-11-11 20:55 . 2012-11-11 20:57   --------   d-----w-   c:\program files\Logitech
      2012-11-11 20:55 . 2012-11-11 20:56   --------   d-----w-   c:\program files\Common Files\LogiShrd
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
      2012-11-09 21:19 . 2012-11-09 21:19   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
      2012-11-09 21:19 . 2012-11-09 21:19   --------   d-----w-   c:\program files\QuickTime
      2012-11-02 22:25 . 2012-11-02 22:25   --------   d-----w-   c:\windows\system32\wbem\Repository
      2012-10-27 00:50 . 2012-10-27 01:01   --------   d-----w-   C:\JRT
      2012-10-25 11:12 . 2012-10-25 11:12   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
      2012-10-25 11:12 . 2012-10-25 11:12   69632   ----a-w-   c:\windows\system32\QuickTime.qts
      2012-10-22 22:03 . 2012-10-22 22:03   --------   d-----w-   c:\program files\CCleaner
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-07 23:38 . 2010-09-11 07:40   99080   -c--a-w-   c:\windows\system32\drivers\inspect.sys
      2012-11-07 23:38 . 2010-09-11 07:40   32640   -c--a-w-   c:\windows\system32\drivers\cmdhlp.sys
      2012-11-07 23:38 . 2010-09-11 07:40   497952   -c--a-w-   c:\windows\system32\drivers\cmdGuard.sys
      2012-11-07 23:38 . 2010-09-11 07:40   18096   -c--a-w-   c:\windows\system32\drivers\cmderd.sys
      2012-11-07 23:37 . 2011-10-20 22:40   34024   -c--a-w-   c:\windows\system32\cmdcsr.dll
      2012-11-07 23:37 . 2010-09-11 07:41   301264   ----a-w-   c:\windows\system32\guard32.dll
      2012-09-30 02:54 . 2012-03-10 21:46   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-09-21 19:09 . 2012-09-21 19:09   542568   ----a-w-   c:\windows\system32\LVUI2.dll
      2012-09-21 19:09 . 2012-09-21 19:09   538472   ----a-w-   c:\windows\system32\LVUI2RC.dll
      2012-09-21 19:09 . 2012-09-21 19:09   4261224   ----a-w-   c:\windows\system32\drivers\lvuvc.sys
      2012-09-21 19:09 . 2012-09-21 19:09   310504   ----a-w-   c:\windows\system32\drivers\lvrs.sys
      2012-09-21 19:09 . 2012-09-21 19:09   305000   ----a-w-   c:\windows\system32\lvcodec2.dll
      2012-09-21 19:09 . 2012-09-21 19:09   198504   ----a-w-   c:\windows\system32\lvci1351823.dll
      2012-09-21 19:08 . 2012-09-21 19:08   338136   ----a-w-   c:\windows\system32\DevManagerCore.dll
      2012-09-21 19:08 . 2012-09-21 19:08   10919784   ----a-w-   c:\windows\system32\LogiDPP.dll
      2012-09-21 19:08 . 2012-09-21 19:08   103272   ----a-w-   c:\windows\system32\LogiDPPApp.exe
      2012-09-21 18:48 . 2012-09-21 18:48   40758   ----a-w-   c:\windows\system32\Repository.reg
      2012-08-22 21:23 . 2012-04-09 15:41   696520   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-08-22 21:23 . 2011-09-27 23:12   73416   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-08-21 20:01 . 2009-08-05 23:58   26840   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
      2012-08-21 20:01 . 2009-08-05 23:58   106928   ----a-w-   c:\windows\system32\GEARAspi.dll
      2012-10-27 18:45 . 2012-10-27 18:45   261600   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 159744]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 131072]
      "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
      "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
      .
      c:\documents and settings\Sharon\Start Menu\Programs\Startup\
      Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\guard32.dll
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-72051607-1886416376-1608665341-50139\Scripts\Logoff\0\0]
      "Script"=logoff.cmd
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-72051607-1886416376-1608665341-50139\Scripts\Logon\0\0]
      "Script"=PSTColl.cmd
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-72051607-1886416376-1608665341-50139\Scripts\Logon\1\0]
      "Script"=logon.cmd
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
      backup=c:\windows\pss\Bluetooth.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2012-10-12 05:56   59280   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      2004-08-04 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
      2008-03-17 15:05   135168   -c--a-w-   c:\windows\system32\igfxtray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2012-09-10 06:30   421776   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2012-10-25 11:12   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelusWCC_McciTrayApp]
      2006-03-10 18:01   543232   -c--a-w-   c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldClock]
      2006-03-10 18:01   543232   -c--a-w-   c:\program files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "18039:TCP"= 18039:TCP:BitComet 18039 TCP
      "18039:UDP"= 18039:UDP:BitComet 18039 UDP
      .
      R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 11:40 PM 497952]
      R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 11:40 PM 32640]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 8:27 AM 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 1:55 PM 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/08/2011 3:38 PM 116608]
      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/02/2011 3:32 PM 136360]
      R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [19/05/2012 11:56 AM 624856]
      R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [26/02/2007 7:59 AM 36608]
      R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 AM 12160]
      R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 AM 10496]
      R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 AM 12928]
      S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
      S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
      2009-03-08 11:32   128512   -c--a-w-   c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://ca.yahoo.com?fr=fp-comodo
      mStart Page = hxxp://www.google.com
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      Trusted Zone: canaccord.com\vipportal
      TCP: DhcpNameServer = 75.153.176.9 75.153.176.1
      Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
      FF - ProfilePath - c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\nr5aa0az.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com?fr=fp-comodo
      FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=ytff-comodo&p=
      FF - ExtSQL: 2012-10-27 11:45; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
      FF - ExtSQL: 2012-11-04 12:34; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\nr5aa0az.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
      FF - ExtSQL: 2012-11-04 12:39; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\nr5aa0az.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
      FF - ExtSQL: 2012-11-04 12:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\nr5aa0az.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKLM-Run-TELUS_McciTrayApp - c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
      ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
      AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
      AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
      AddRemove-XnView_is1 - e:\xnview\unins000.exe
      AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Sharon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-11-12 11:15
      Windows 5.1.2600 Service Pack 2 NTFS
      .
      detected NTDLL code modification:
      ZwClose
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(508)
      c:\windows\system32\guard32.dll
      .
      - - - - - - - > 'lsass.exe'(564)
      c:\windows\system32\guard32.dll
      .
      Completion time: 2012-11-12  11:17:11
      ComboFix-quarantined-files.txt  2012-11-12 19:17
      .
      Pre-Run: 64,995,954,688 bytes free
      Post-Run: 64,942,407,680 bytes free
      .
      - - End Of File - - 6888654E71C24648A0FC74CA71AF37BE

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: Comodo detected:Heur.suspicious@1.
      « Reply #3 on: November 13, 2012, 01:51:47 AM »
      TDSSKiller Scan

      Please download TDSSKiller to your desktop and run it as outlined below:
       
      Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
       
      For Windows XP, double-click to start.
      For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
       

       
      -------------------------
       
      Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
       

       
      ------------------------
       
      Click the Start Scan button.
       

       
      -----------------------
       
      If a suspicious object is detected, the default action will be Skip; click on Continue.
      If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
      Skip and click on Continue.
       
       

       
      ----------------------
       
      If malicious objects are found, they will show in the Scan results and offer three (3) options.
       
      Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
      Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
       
       

       
       
      --------------------
       
      A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
      Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.
       
      -------------------
       
      Here's a summary of what to do if you would like to print it out:
       
      If a suspicious object is detected, the default action will be Skip; click on Continue.
      If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
      Skip and click on Continue.
       
      If malicious objects are found, they will show in the Scan results and offer three (3) options.
       
      Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
      Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
      ~Dr Jay

      Painted Pony

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Comodo detected:Heur.suspicious@1.
        « Reply #4 on: November 13, 2012, 09:12:33 AM »
        08:03:45.0593 0536  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
        08:03:46.0156 0536  ============================================================
        08:03:46.0156 0536  Current date / time: 2012/11/13 08:03:46.0156
        08:03:46.0156 0536  SystemInfo:
        08:03:46.0156 0536 
        08:03:46.0156 0536  OS Version: 5.1.2600 ServicePack: 2.0
        08:03:46.0156 0536  Product type: Workstation
        08:03:46.0156 0536  ComputerName: SHARON-RAS
        08:03:46.0156 0536  UserName: Sharon
        08:03:46.0156 0536  Windows directory: C:\WINDOWS
        08:03:46.0156 0536  System windows directory: C:\WINDOWS
        08:03:46.0156 0536  Processor architecture: Intel x86
        08:03:46.0156 0536  Number of processors: 2
        08:03:46.0156 0536  Page size: 0x1000
        08:03:46.0156 0536  Boot type: Normal boot
        08:03:46.0156 0536  ============================================================
        08:03:47.0687 0536  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
        08:03:47.0687 0536  ============================================================
        08:03:47.0687 0536  \Device\Harddisk0\DR0:
        08:03:47.0687 0536  MBR partitions:
        08:03:47.0687 0536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94D75F4
        08:03:47.0687 0536  ============================================================
        08:03:47.0703 0536  C: <-> \Device\Harddisk0\DR0\Partition1
        08:03:47.0703 0536  ============================================================
        08:03:47.0703 0536  Initialize success
        08:03:47.0703 0536  ============================================================
        08:03:53.0109 1584  ============================================================
        08:03:53.0109 1584  Scan started
        08:03:53.0109 1584  Mode: Manual;
        08:03:53.0109 1584  ============================================================
        08:03:53.0343 1584  ================ Scan system memory ========================
        08:03:53.0343 1584  System memory - ok
        08:03:53.0343 1584  ================ Scan services =============================
        08:03:53.0437 1584  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
        08:03:53.0437 1584  !SASCORE - ok
        08:03:53.0515 1584  Abiosdsk - ok
        08:03:53.0515 1584  abp480n5 - ok
        08:03:53.0531 1584  [ A10C7534F7223F4A73A948967D00E69B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
        08:03:53.0531 1584  ACPI - ok
        08:03:53.0562 1584  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
        08:03:53.0562 1584  ACPIEC - ok
        08:03:53.0578 1584  [ 4E6E32DF81005355056A76491D29D05C ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
        08:03:53.0578 1584  ADIHdAudAddService - ok
        08:03:53.0578 1584  adpu160m - ok
        08:03:53.0609 1584  [ 058CDC314672A28A90566A787D9876E7 ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
        08:03:53.0609 1584  AEAudio - ok
        08:03:53.0640 1584  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
        08:03:53.0640 1584  aec - ok
        08:03:53.0671 1584  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
        08:03:53.0671 1584  AFD - ok
        08:03:53.0671 1584  Aha154x - ok
        08:03:53.0671 1584  aic78u2 - ok
        08:03:53.0671 1584  aic78xx - ok
        08:03:53.0687 1584  [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
        08:03:53.0703 1584  Alerter - ok
        08:03:53.0718 1584  [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG             C:\WINDOWS\System32\alg.exe
        08:03:53.0718 1584  ALG - ok
        08:03:53.0718 1584  AliIde - ok
        08:03:53.0718 1584  amsint - ok
        08:03:53.0781 1584  [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
        08:03:53.0781 1584  AntiVirSchedulerService - ok
        08:03:53.0812 1584  [ DF5A3016052755C910A206058B4A1729 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        08:04:00.0984 1584  TDTCP - ok
        08:04:01.0000 1584  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
        08:04:01.0000 1584  TermDD - ok
        08:04:01.0031 1584  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
        08:04:01.0031 1584  TermService - ok
        08:04:01.0046 1584  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes          C:\WINDOWS\System32\shsvcs.dll
        08:04:01.0046 1584  Themes - ok
        08:04:01.0078 1584  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
        08:04:01.0078 1584  TlntSvr - ok
        08:04:01.0093 1584  TMPassthruMP - ok
        08:04:01.0093 1584  TosIde - ok
        08:04:01.0125 1584  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
        08:04:01.0125 1584  TrkWks - ok
        08:04:01.0156 1584  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
        08:04:01.0156 1584  Udfs - ok
        08:04:01.0171 1584  ultra - ok
        08:04:01.0187 1584  [ CED744117E91BDC0BEB810F7D8608183 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
        08:04:01.0203 1584  Update - ok
        08:04:01.0234 1584  [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost        C:\WINDOWS\System32\upnphost.dll
        08:04:01.0234 1584  upnphost - ok
        08:04:01.0250 1584  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
        08:04:01.0250 1584  UPS - ok
        08:04:01.0281 1584  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
        08:04:01.0281 1584  USBAAPL - ok
        08:04:01.0312 1584  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
        08:04:01.0312 1584  usbaudio - ok
        08:04:01.0343 1584  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
        08:04:01.0343 1584  usbbus - ok
        08:04:01.0359 1584  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
        08:04:01.0359 1584  usbccgp - ok
        08:04:01.0375 1584  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
        08:04:01.0375 1584  UsbDiag - ok
        08:04:01.0406 1584  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
        08:04:01.0421 1584  usbehci - ok
        08:04:01.0421 1584  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
        08:04:01.0421 1584  usbhub - ok
        08:04:01.0453 1584  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
        08:04:01.0453 1584  USBModem - ok
        08:04:01.0484 1584  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
        08:04:01.0484 1584  usbprint - ok
        08:04:01.0500 1584  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
        08:04:01.0515 1584  usbscan - ok
        08:04:01.0531 1584  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
        08:04:01.0531 1584  USBSTOR - ok
        08:04:01.0546 1584  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
        08:04:01.0546 1584  usbuhci - ok
        08:04:01.0593 1584  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
        08:04:01.0593 1584  usbvideo - ok
        08:04:01.0593 1584  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
        08:04:01.0593 1584  VgaSave - ok
        08:04:01.0609 1584  ViaIde - ok
        08:04:01.0625 1584  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
        08:04:01.0625 1584  VolSnap - ok
        08:04:01.0671 1584  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
        08:04:01.0687 1584  VSS - ok
        08:04:01.0734 1584  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
        08:04:01.0734 1584  W32Time - ok
        08:04:01.0750 1584  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
        08:04:01.0750 1584  Wanarp - ok
        08:04:01.0750 1584  WDICA - ok
        08:04:01.0765 1584  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
        08:04:01.0765 1584  wdmaud - ok
        08:04:01.0796 1584  [ 265F534EF76832435AFBF771EC97176D ] WebClient       C:\WINDOWS\System32\webclnt.dll
        08:04:01.0812 1584  WebClient - ok
        08:04:01.0875 1584  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
        08:04:01.0875 1584  winmgmt - ok
        08:04:01.0906 1584  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
        08:04:01.0906 1584  WmdmPmSN - ok
        08:04:01.0953 1584  [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi             C:\WINDOWS\System32\advapi32.dll
        08:04:01.0953 1584  Wmi - ok
        08:04:01.0984 1584  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
        08:04:01.0984 1584  WmiAcpi - ok
        08:04:02.0000 1584  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
        08:04:02.0015 1584  WmiApSrv - ok
        08:04:02.0078 1584  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
        08:04:02.0125 1584  WMPNetworkSvc - ok
        08:04:02.0187 1584  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
        08:04:02.0203 1584  WPFFontCache_v0400 - ok
        08:04:02.0218 1584  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
        08:04:02.0218 1584  WS2IFSL - ok
        08:04:02.0250 1584  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
        08:04:02.0265 1584  wscsvc - ok
        08:04:02.0296 1584  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
        08:04:02.0296 1584  WSTCODEC - ok
        08:04:02.0328 1584  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
        08:04:02.0343 1584  wuauserv - ok
        08:04:02.0359 1584  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
        08:04:02.0375 1584  WudfPf - ok
        08:04:02.0390 1584  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
        08:04:02.0390 1584  WudfRd - ok
        08:04:02.0406 1584  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
        08:04:02.0406 1584  WudfSvc - ok
        08:04:02.0437 1584  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
        08:04:02.0437 1584  WZCSVC - ok
        08:04:02.0468 1584  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
        08:04:02.0468 1584  xmlprov - ok
        08:04:02.0500 1584  ================ Scan global ===============================
        08:04:02.0531 1584  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
        08:04:02.0546 1584  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
        08:04:02.0562 1584  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
        08:04:02.0578 1584  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
        08:04:02.0578 1584  [Global] - ok
        08:04:02.0578 1584  ================ Scan MBR ==================================
        08:04:02.0593 1584  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
        08:04:02.0718 1584  \Device\Harddisk0\DR0 - ok
        08:04:02.0718 1584  ================ Scan VBR ==================================
        08:04:02.0718 1584  [ 26D3791915B1F49B67201FF0D9ACD709 ] \Device\Harddisk0\DR0\Partition1
        08:04:02.0718 1584  \Device\Harddisk0\DR0\Partition1 - ok
        08:04:02.0718 1584  ============================================================
        08:04:02.0718 1584  Scan finished
        08:04:02.0718 1584  ============================================================
        08:04:02.0734 1516  Detected object count: 0
        08:04:02.0734 1516  Actual detected object count: 0
        08:06:07.0328 3924  ============================================================
        08:06:07.0328 3924  Scan started
        08:06:07.0328 3924  Mode: Manual; SigCheck; TDLFS;
        08:06:07.0328 3924  ============================================================
        08:06:07.0453 3924  ================ Scan system memory ========================
        08:06:07.0468 3924  System memory - ok
        08:06:07.0468 3924  ================ Scan services =============================
        08:06:11.0781 3924  [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar           C:\WINDOWS\System32\drivers\BrPar.sys
        08:06:11.0796 3924  BrPar ( UnsignedFile.Multi.Generic ) - warning
        08:06:11.0796 3924  BrPar - detected UnsignedFile.Multi.Generic (1)

        Painted Pony

          Re: Comodo detected:Heur.suspicious@1.
          « Reply #5 on: November 13, 2012, 09:15:02 AM »
          What was indicated in the last screenshot didn't appear.

          Dr Jay

          Re: Comodo detected:Heur.suspicious@1.
          « Reply #6 on: November 13, 2012, 10:48:27 AM »
          avast! aswMBR

          Please download aswMBR from here
          • Save aswMBR.exe to your Desktop
          • Double click aswMBR.exe to run it
          • Uncheck "Trace disk IO calls".
          • Click the Scan button to start the scan as illustrated below

          Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
          • Once the scan finishes click Save log to save the log to your Desktop

          • Copy and paste the contents of aswMBR.txt back here for review
          • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
          ~Dr Jay

          Painted Pony

            Re: Comodo detected:Heur.suspicious@1.
            « Reply #7 on: November 13, 2012, 12:32:59 PM »
            I have the aswMBR.txt log saved but am having problems uploading MBRscan.txt. You said to rename it "MBR.dat/txt" but it doesn't accept '/'...pls advise.

            Painted Pony

              Re: Comodo detected:Heur.suspicious@1.
              « Reply #8 on: November 13, 2012, 12:34:04 PM »
              here is the first one:

              aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
              Run date: 2012-11-13 11:22:21
              -----------------------------
              11:22:21.625    OS Version: Windows 5.1.2600 Service Pack 2
              11:22:21.625    Number of processors: 2 586 0xF0B
              11:22:21.625    ComputerName: SHARON-RAS  UserName: Sharon
              11:22:22.000    Initialize success
              11:22:48.281    AVAST engine download error: 0
              11:23:36.984    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
              11:23:36.984    Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABDA Size: 76319MB BusType: 3
              11:23:37.000    Disk 0 MBR read successfully
              11:23:37.000    Disk 0 MBR scan
              11:23:37.000    Disk 0 Windows XP default MBR code
              11:23:37.000    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76206 MB offset 63
              11:23:37.015    Disk 0 Partition 2 00     72                            101 MB offset 156071475
              11:23:37.015    Disk 0 scanning sectors +156280320
              11:23:37.062    Disk 0 scanning C:\WINDOWS\system32\drivers
              11:23:42.843    Service scanning
              11:23:53.984    Modules scanning
              11:23:58.953    Scan finished successfully
              11:24:24.640    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sharon\Desktop\MBR.dat"
              11:24:24.640    The log file has been saved successfully to "C:\Documents and Settings\Sharon\Desktop\aswMBR.txt"



              Painted Pony

                Re: Comodo detected:Heur.suspicious@1.
                « Reply #9 on: November 13, 2012, 12:43:00 PM »
                for some reason the MBR.dat is saving as a .mpeg file in my KMP program  ???

                Dr Jay

                Re: Comodo detected:Heur.suspicious@1.
                « Reply #10 on: November 13, 2012, 12:49:41 PM »
                Good job!

                ESET Online Scan
                 
                Please run a free online scan with the ESET Online Scanner
                • Tick the box next to YES, I accept the Terms of Use
                • Click Start
                • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
                • Click Start or wait for the scanner to load.
                • Make sure that the options Remove found threats and Scan unwanted applications are checked.
                • Click Scan (This scan can take several hours, so please be patient)
                • Once the scan is completed, there are a couple of things to keep in mind:
                • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
                • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
                • Open the logfile from wherever you saved it
                • Copy and paste the contents in your next reply.
                ~Dr Jay

                Painted Pony

                  Re: Comodo detected:Heur.suspicious@1.
                  « Reply #11 on: November 13, 2012, 12:56:45 PM »
                  before continuing with ESET.

                  Comodo (cloud scanner alert) has been popping up re: .Heur...for now I've been "ignoring" the msg. It indicates that it's in my C:\program files\Quicktime. FYI.

                  Painted Pony

                    Re: Comodo detected:Heur.suspicious@1.
                    « Reply #12 on: November 13, 2012, 01:00:32 PM »
                    Can I still work online while ESET is scanning?

                    Dr Jay

                    Re: Comodo detected:Heur.suspicious@1.
                    « Reply #13 on: November 13, 2012, 01:10:39 PM »
                    Yeah, go for it.
                    ~Dr Jay

                    Painted Pony

                      Re: Comodo detected:Heur.suspicious@1.
                      « Reply #14 on: November 13, 2012, 01:12:45 PM »
                      the answer I was hoping for. Thx Jay.