TrojanClicker: Win 32 Yabector.gen

View previous topic View next topic Go down

TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Fri 13 Jul 2012, 9:43 pm

DESCRIPTION OF PROBLEM:

A few years ago my internet server cancelled my internet due to emails being transmitted from this computer. My husband was using it and I had AVG free Anti Virus installed and as he's not up with computers much he didn't think to make sure the program kept updating each day. I happen to see the AVG icon not up-to-date symbol a couple of days before my Server disconnected us. I formatted the computer twice from memory and it still played up so I turned it off and didn't use it again. I think I tried it again a while later but wasn't game to keep going with it. My daughter now needs a computer and I have a mobile USB stick so I'm using that so as not to have the main broadband modem comprimised. Yesterday I turned the computer on and downloaded Microsoft Security Essentials and ran a scan it found TrojanClicker: Win 32/Yabector.gen. It quarantined the virus, I restarted the computer and run the scan again, the same virus was found and quarantined again. I turned it off last night, turned it back on this morning, run the virus scan and it was clean. I DON'T TRUST IT YET. Hopefully you can help me, I would really appreciate it. Thank you in advance, Ronniejo

I also have the OTL Log, OTL Extras Log, aswMBR Log and the checkup log from Security Check by Screen 317 but I get a message to say MY POST IS TOO LONG.

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by houndmom on Fri 13 Jul 2012, 11:57 pm

Opening Speech
Hello, Welcome to GeekPolice! I am Houndmom and I will be helping you get your computer cleaned up.


Please note the following information about the malware forum:


    * Only Tech Officers, Global Moderators, Administrators, Malware Advisors,and Tech Advisors are allowed to give advice on removing malware from your computer.
    * From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    * Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    * If you have already asked for help somewhere, please post the link to the topic you were helped.
    * We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

    * Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.



It may take several posts to get it all copied and pasted in.

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Fri 20 Jul 2012, 9:16 pm

Sorry Houndmom I've been waiting for an email from you as I obviously misunderstood, oops! Thank you for being patient with me. I will now post the logs you have asked for, all in separate posts so as not to get the same message as before:

OTL logfile created on: 12/07/2012 4:42:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\DARRYL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 434.57 Mb Available Physical Memory | 42.52% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 40.49 Gb Free Space | 76.12% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.40 Gb Free Space | 99.47% Space Free | Partition Type: FAT32

Computer Name: ACER-FD6B6B72E3 | User Name: DARRYL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 15:51:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DARRYL\Desktop\OTL.com
PRC - [2012/07/02 14:25:04 | 003,462,296 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
PRC - [2012/06/05 04:16:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2010/09/10 05:41:12 | 000,153,968 | R--- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2010/09/02 17:39:44 | 000,230,768 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2010/02/16 19:44:10 | 000,108,344 | ---- | M] (Glarysoft Ltd) -- C:\Program Files\Glary Utilities\memdefrag.exe
PRC - [2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/01 13:10:58 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/05/01 11:12:10 | 000,075,336 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
PRC - [2007/05/01 11:12:10 | 000,058,952 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2007/05/01 11:11:48 | 006,395,464 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/22 05:14:30 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\DARRYL\Local Settings\Temp\RtkBtMnt.exe
PRC - [2006/08/10 19:29:14 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/07/20 22:15:32 | 000,593,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006/01/24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/12/27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 16:31:04 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6a3a5d10\mscorlib.dll
MOD - [2012/07/11 16:31:00 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6a4fd9db\system.drawing.dll
MOD - [2012/07/11 16:30:52 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d655997e\system.windows.forms.dll
MOD - [2012/07/11 16:30:46 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2bffef58\system.dll
MOD - [2012/07/11 16:30:32 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/07/11 16:30:32 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/07/11 16:27:00 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/03/01 13:10:58 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/03/01 13:10:48 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/01/20 15:56:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2006/01/20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/12/27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005/11/28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003/06/07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/05 04:16:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/10 05:41:12 | 000,153,968 | R--- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2010/09/02 17:39:44 | 000,230,768 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/01/23 12:41:42 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Unknown] -- C:\Program Files\WinPCap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/12 12:25:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1768BD45-3A63-4B8D-AB76-CC702D8238BC}\MpKsl532fe94f.sys -- (MpKsl532fe94f)
DRV - [2010/07/16 11:04:44 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/07/16 11:04:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/06/21 16:07:20 | 000,078,720 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swiwdmbus.sys -- (swiwdmbus)
DRV - [2010/06/21 15:47:14 | 000,156,544 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2010/06/21 15:46:50 | 000,201,088 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2008/03/01 13:10:56 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {62BE6A1C-ABE9-4BB4-99B5-FCDF9A35DD29}
IE - HKCU\..\SearchScopes\{62BE6A1C-ABE9-4BB4-99B5-FCDF9A35DD29}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2006/08/22 03:50:08 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2011/06/04 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DARRYL\Application Data\Mozilla\Extensions
[2011/06/04 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DARRYL\Application Data\Mozilla\Extensions\uploadr@flickr.com

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (BigPond Mobile Broadband Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\Mobile Broadband Manager\bpwbb2ad.dll (Telstra)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} [You must be registered and logged in to see this link.] (Microsoft Download Manager ActiveX control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/22 05:15:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/07/02 04:35:04 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 16:08:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\DARRYL\Desktop\aswMBR.exe
[2012/07/12 15:51:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DARRYL\Desktop\OTL.com
[2012/07/12 09:55:34 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/07/12 09:55:34 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/07/12 09:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/07/12 08:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/07/12 08:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Application Data\PC Utility Kit
[2012/07/12 08:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Application Data\DriverCure
[2012/07/12 08:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/07/11 16:39:56 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/07/11 16:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Local Settings\Application Data\Babylon
[2012/07/11 16:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Babylon
[2012/07/11 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/11 16:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012/07/11 16:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/11 16:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Start Menu\Programs\Wajam
[2012/07/11 16:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Local Settings\Application Data\Wajam
[2012/07/11 16:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2012/07/11 16:28:13 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\DARRYL\My Documents\mseinstall.exe
[2012/07/11 16:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Application Data\Babylon
[2012/07/11 16:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/11 16:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/07/11 16:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/07/11 16:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/07/11 16:19:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/07/11 16:19:41 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/07/11 16:19:41 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/07/11 16:19:41 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/07/11 16:19:41 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/07/11 16:19:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/07/11 15:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Local Settings\Application Data\Temp
[2012/07/11 15:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Local Settings\Application Data\Adobe
[2012/07/11 15:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Application Data\Adobe
[2012/07/11 12:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\My Documents\My Downloads
[2012/07/11 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/07/11 12:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/07/11 12:42:33 | 000,201,088 | R--- | C] (Sierra Wireless Inc.) -- C:\WINDOWS\System32\drivers\swnc8ua3.sys
[2012/07/11 12:42:20 | 000,156,544 | R--- | C] (Sierra Wireless Inc.) -- C:\WINDOWS\System32\drivers\swumxa3.sys
[2012/07/11 12:42:16 | 000,078,720 | R--- | C] (Sierra Wireless Inc.) -- C:\WINDOWS\System32\drivers\swiwdmbus.sys
[2012/07/11 12:38:47 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\WINDOWS\System32\drivers\ZTEusbnet.sys
[2012/07/11 12:38:47 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012/07/11 12:38:47 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012/07/11 12:38:47 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012/07/11 12:38:47 | 000,007,680 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012/07/11 12:38:38 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2012/07/11 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Telstra
[2012/07/11 12:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Telstra
[2012/07/11 12:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless Inc
[2012/07/11 12:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DARRYL\Application Data\Sierra Wireless
[2012/07/11 12:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2012/07/11 12:29:34 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/07/11 12:29:31 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/07/11 12:28:14 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/07/11 12:26:36 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 16:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{74FA03F2-ABDB-4E02-BEDB-8842321A8AEB}.job
[2012/07/12 16:28:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{344BB9A3-08F8-4094-8134-BB7BE1EDA6E0}.job
[2012/07/12 16:21:46 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\DARRYL\Desktop\SecurityCheck.exe
[2012/07/12 16:14:26 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/12 16:08:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DARRYL\Desktop\aswMBR.exe
[2012/07/12 16:01:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/12 15:51:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DARRYL\Desktop\OTL.com
[2012/07/12 08:51:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/12 08:47:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/12 08:11:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 08:01:36 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/07/12 08:00:50 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/07/12 08:00:50 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/07/12 08:00:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/12 08:00:40 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 20:06:56 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/07/11 19:19:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\DARRYL\Desktop\Internet.lnk
[2012/07/11 17:29:38 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/11 17:29:38 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/11 16:44:40 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:32:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 16:32:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 16:31:20 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\DARRYL\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2012/07/11 16:31:20 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Babylon.lnk
[2012/07/11 16:29:50 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DARRYL\My Documents\mseinstall.exe
[2012/07/11 12:55:40 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/07/11 12:39:04 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobile Broadband Manager.lnk
[2012/06/13 21:20:00 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/06/13 21:20:00 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Fri 20 Jul 2012, 9:16 pm

========== Files Created - No Company Name ==========

[2012/07/12 16:21:45 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\DARRYL\Desktop\SecurityCheck.exe
[2012/07/12 08:51:43 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/12 08:48:41 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/07/11 19:19:27 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\DARRYL\Desktop\Internet.lnk
[2012/07/11 17:18:33 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/11 17:17:51 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/11 16:32:30 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 16:32:07 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/11 16:31:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\DARRYL\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2012/07/11 16:28:09 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Babylon.lnk
[2012/07/11 16:20:45 | 000,148,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/11 12:55:38 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/07/11 12:39:03 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobile Broadband Manager.lnk
[2012/07/11 12:26:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/11 12:26:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/06/03 13:18:09 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/03 13:16:25 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\DARRYL\Local Settings\Application Data\fusioncache.dat
[2011/06/03 13:13:17 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/06/02 21:27:31 | 001,154,584 | ---- | C] () -- C:\WINDOWS\YTB.EXE
[2011/06/02 21:27:31 | 000,261,627 | ---- | C] () -- C:\WINDOWS\EMEAWG.EXE

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 19:38:20 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/05/02 21:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< %systemroot%\System32\config\*.sav >
[2006/08/22 04:42:06 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2006/08/22 04:42:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/08/22 04:42:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2006/08/22 04:43:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/08/22 04:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/08/22 04:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/08/22 04:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/08/22 04:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/08/22 04:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/08/22 04:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2006/08/22 04:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/08/22 04:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/08/22 04:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/08/22 04:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/08/22 04:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/08/22 04:52:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/08/22 04:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/08/22 04:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/22 05:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/08/22 05:05:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/08/22 05:06:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/08/22 05:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/08/22 05:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/08/22 05:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2006/08/22 05:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/08/22 05:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/08/22 05:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2011/06/03 13:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2011/06/03 13:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinPCap
[2011/06/03 13:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/06/03 09:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/06/03 09:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/03 09:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/06/03 09:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/06/03 09:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/06/03 09:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2011/06/03 09:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2011/06/03 09:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2011/06/03 19:56:08 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2011/06/04 13:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2012/07/11 12:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless Inc
[2012/07/11 12:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\Telstra
[2012/07/11 12:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Download Manager
[2012/07/11 16:20:16 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/07/11 16:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/07/11 16:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\Wajam
[2012/07/11 16:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2012/07/11 16:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2012/07/12 08:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender

< %appdata%\*.* >
[2006/08/22 04:42:58 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\DARRYL\Application Data\desktop.ini

< MD5 for: AFD.SYS >
[2011/08/17 21:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2011/08/17 21:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 21:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 03:19:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008/04/14 03:19:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/10/16 23:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 18:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 17:51:44 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/04 05:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/08/14 17:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 22:43:02 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/08/14 18:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 18:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/06/20 19:48:04 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011/08/17 21:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011/08/17 21:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2011/06/05 09:24:54 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/06/05 09:24:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/04 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 08:11:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 08:11:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/14 08:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2008/04/14 08:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
[2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2004/08/04 05:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7379DE06FD196E396A00AA97B990C00D -- C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
[2009/04/21 01:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/14 08:11:54 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/04/14 08:11:54 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\ServicePackFiles\i386\es.dll
[2004/08/04 05:00:00 | 000,243,200 | ---- | M] (Microsoft Corporation) MD5=ACD36A2DD7D1E9D8A060AA651DC07E63 -- C:\WINDOWS\$NtServicePackUninstall$\es.dll
[2008/07/08 04:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/08 04:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/08 04:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2004/08/04 05:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=36CC8C01B5E50163037BEF56CB96DEFF -- C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
[2008/04/14 08:11:56 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
[2008/04/14 08:11:56 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/14 03:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/14 03:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/04 05:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: NETBT.SYS >
[2004/08/04 05:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/14 03:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/14 03:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/14 08:12:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/14 08:12:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2004/08/04 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 08:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 08:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 08:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/02/09 18:01:54 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=24B5D53B9ACCC1E2EDCF0A878D6659D4 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2008/04/14 08:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/14 08:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004/08/04 05:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll
[2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 18:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 18:22:22 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 19:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 19:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SR.SYS >
[2008/04/14 02:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/14 02:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2004/08/04 05:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/14 08:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 08:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 05:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/14 03:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/14 03:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 19:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 19:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/04 05:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 19:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 19:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 02:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 02:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/14 08:12:10 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
[2008/04/14 08:12:10 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll
[2004/08/04 05:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=F399242A80C4066FD155EFA4CF96658E -- C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2004/08/04 05:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) MD5=4D59DAA66C60858CDF4F67A900F42D4A -- C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll
[2008/04/14 08:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\ServicePackFiles\i386\wscsvc.dll
[2008/04/14 08:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/04 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/14 08:12:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/14 08:12:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll

< >

< End of report >

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Fri 20 Jul 2012, 9:18 pm

OTL Extras logfile created on: 12/07/2012 4:42:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\DARRYL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 434.57 Mb Available Physical Memory | 42.52% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 40.49 Gb Free Space | 76.12% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.40 Gb Free Space | 99.47% Space Free | Partition Type: FAT32

Computer Name: ACER-FD6B6B72E3 | User Name: DARRYL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\DARRYL\Local Settings\Temp\LMIR0002.tmp\lmi_rescue.exe" = C:\Documents and Settings\DARRYL\Local Settings\Temp\LMIR0002.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Documents and Settings\DARRYL\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\DARRYL\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue
"C:\Program Files\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe" = C:\Program Files\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AEB2D83-71F1-4C6F-BFA0-54FDEA0E4BBC}" = Telstra Mobile Broadband Manager
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Babylon" = Babylon
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"ePresentation" = Acer ePresentation Management
"Glary Utilities_is1" = Glary Utilities 2.20.0.831
"GridVista" = Acer GridVista
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"Unlocker" = Unlocker 1.8.6
"Wajam" = Wajam
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/07/2012 12:50:06 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2012 12:50:06 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2012 12:50:17 AM | Computer Name = ACER-FD6B6B72E3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 3/06/2011 8:52:57 PM | Computer Name = ACER-FD6B6B72E3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/06/2011 8:53:00 PM | Computer Name = ACER-FD6B6B72E3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/06/2011 8:53:08 PM | Computer Name = ACER-FD6B6B72E3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/06/2011 8:53:46 PM | Computer Name = ACER-FD6B6B72E3 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 3/06/2011 8:53:46 PM | Computer Name = ACER-FD6B6B72E3 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 3/06/2011 8:53:46 PM | Computer Name = ACER-FD6B6B72E3 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/06/2011 8:53:46 PM | Computer Name = ACER-FD6B6B72E3 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/06/2011 8:53:46 PM | Computer Name = ACER-FD6B6B72E3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m AFD agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc
asc3350p
asc3550
Avgldx86
Avgmfx86
Avgtdix
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
Fips
hpn
i2omp
ini910u
IntelIde
intelppm
IPSec
mraid35x
MRxSmb
NetBIOS
NetBT
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rdbss
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
Tcpip
TosIde
ultra
viaagp
ViaIde

Error - 3/06/2011 8:55:53 PM | Computer Name = ACER-FD6B6B72E3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/06/2011 1:52:46 AM | Computer Name = ACER-FD6B6B72E3 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP 2 (KB954155).


< End of report >

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Fri 20 Jul 2012, 9:38 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 17:21:47
-----------------------------
17:21:47.437 OS Version: Windows 5.1.2600 Service Pack 3
17:21:47.437 Number of processors: 2 586 0xE0C
17:21:47.437 ComputerName: ACER-FD6B6B72E3 UserName: DARRYL
17:21:48.125 Initialize success
17:22:19.093 AVAST engine download error: 0
17:22:32.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:22:32.906 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001J Size: 114473MB BusType: 3
17:22:32.937 Disk 0 MBR read successfully
17:22:32.937 Disk 0 MBR scan
17:22:32.937 Disk 0 unknown MBR code
17:22:32.953 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
17:22:32.968 Disk 0 Partition 2 80 (A) 0B FAT32 MSWIN4.1 54486 MB offset 10233405
17:22:33.015 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 54988 MB offset 121820895
17:22:33.046 Disk 0 scanning sectors +234436545
17:22:33.140 Disk 0 scanning C:\WINDOWS\system32\drivers
17:22:38.796 Service scanning
17:22:43.203 Service MpKsl532fe94f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1768BD45-3A63-4B8D-AB76-CC702D8238BC}\MpKsl532fe94f.sys **LOCKED** 32
17:22:48.359 Modules scanning
17:22:53.578 Disk 0 trace - called modules:
17:22:53.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:22:53.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f06238]
17:22:53.640 3 CLASSPNP.SYS[f7632fd7] -> nt!IofCallDriver -> \Device\000000b1[0x86f4f9e8]
17:22:53.656 5 ACPI.sys[f7429620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f43940]
17:22:53.671 Scan finished successfully
17:23:31.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DARRYL\Desktop\MBR.dat"
17:23:31.484 The log file has been saved successfully to "C:\Documents and Settings\DARRYL\Desktop\aswMBR log.txt"


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
Adobe Reader X 10.0.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by houndmom on Sat 21 Jul 2012, 10:54 am

Hello again.
I see you have ask.com and ask toolbar on your computer.
You have a program on in your program list known to be adware.
It would be a good idea to remove Ask.com and Ask Toolbar from your program list. .
To do this, Go to Control Panel>>Add/Remove Programs.


Let's run the following scans
Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.





  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.





  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.


Then

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\combofix.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by RonnieJo on Sat 21 Jul 2012, 12:56 pm

Hi Houndmom, TDDSK09:46:13.0593 2796 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
09:46:14.0593 2796 ============================================================
09:46:14.0593 2796 Current date / time: 2012/07/21 09:46:14.0593
09:46:14.0593 2796 SystemInfo:
09:46:14.0593 2796
09:46:14.0593 2796 OS Version: 5.1.2600 ServicePack: 3.0
09:46:14.0593 2796 Product type: Workstation
09:46:14.0593 2796 ComputerName: ACER-FD6B6B72E3
09:46:14.0593 2796 UserName: DARRYL
09:46:14.0593 2796 Windows directory: C:\WINDOWS
09:46:14.0593 2796 System windows directory: C:\WINDOWS
09:46:14.0593 2796 Processor architecture: Intel x86
09:46:14.0593 2796 Number of processors: 2
09:46:14.0593 2796 Page size: 0x1000
09:46:14.0593 2796 Boot type: Normal boot
09:46:14.0593 2796 ============================================================
09:46:18.0156 2796 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:46:18.0156 2796 ============================================================
09:46:18.0156 2796 \Device\Harddisk0\DR0:
09:46:18.0156 2796 MBR partitions:
09:46:18.0156 2796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x9C263D, BlocksNum 0x6A6B0A2
09:46:18.0156 2796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
09:46:18.0156 2796 ============================================================
09:46:18.0171 2796 C: <-> \Device\Harddisk0\DR0\Partition0
09:46:18.0187 2796 D: <-> \Device\Harddisk0\DR0\Partition1
09:46:18.0187 2796 ============================================================
09:46:18.0187 2796 Initialize success
09:46:18.0187 2796 ============================================================
09:46:22.0671 4020 ============================================================
09:46:22.0671 4020 Scan started
09:46:22.0671 4020 Mode: Manual;
09:46:22.0671 4020 ============================================================
09:46:23.0828 4020 Abiosdsk - ok
09:46:23.0843 4020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:46:23.0875 4020 abp480n5 - ok
09:46:23.0906 4020 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:46:23.0906 4020 ACPI - ok
09:46:23.0906 4020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:46:23.0921 4020 ACPIEC - ok
09:46:23.0937 4020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:46:23.0984 4020 adpu160m - ok
09:46:24.0031 4020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:46:24.0093 4020 aec - ok
09:46:24.0125 4020 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:46:24.0140 4020 AegisP - ok
09:46:24.0187 4020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:46:24.0203 4020 AFD - ok
09:46:24.0218 4020 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:46:24.0250 4020 agp440 - ok
09:46:24.0312 4020 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:46:24.0343 4020 agpCPQ - ok
09:46:24.0359 4020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:46:24.0375 4020 Aha154x - ok
09:46:24.0390 4020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:46:24.0421 4020 aic78u2 - ok
09:46:24.0437 4020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:46:24.0468 4020 aic78xx - ok
09:46:24.0515 4020 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:46:24.0531 4020 Alerter - ok
09:46:24.0578 4020 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:46:24.0609 4020 ALG - ok
09:46:24.0609 4020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:46:24.0625 4020 AliIde - ok
09:46:24.0640 4020 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:46:24.0671 4020 alim1541 - ok
09:46:24.0687 4020 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:46:24.0718 4020 amdagp - ok
09:46:24.0718 4020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:46:24.0734 4020 amsint - ok
09:46:24.0781 4020 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:46:24.0796 4020 AppMgmt - ok
09:46:24.0828 4020 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:46:24.0875 4020 Arp1394 - ok
09:46:24.0906 4020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:46:24.0921 4020 asc - ok
09:46:24.0937 4020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:46:24.0953 4020 asc3350p - ok
09:46:24.0968 4020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:46:24.0984 4020 asc3550 - ok
09:46:25.0062 4020 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:46:25.0078 4020 aspnet_state - ok
09:46:25.0093 4020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:46:25.0109 4020 AsyncMac - ok
09:46:25.0125 4020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:46:25.0125 4020 atapi - ok
09:46:25.0140 4020 Atdisk - ok
09:46:25.0171 4020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:46:25.0218 4020 Atmarpc - ok
09:46:25.0328 4020 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:46:25.0359 4020 AudioSrv - ok
09:46:25.0375 4020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:46:25.0390 4020 audstub - ok
09:46:25.0406 4020 AWService - ok
09:46:25.0421 4020 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:46:25.0453 4020 bcm4sbxp - ok
09:46:25.0468 4020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:46:25.0500 4020 Beep - ok
09:46:25.0546 4020 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:46:25.0578 4020 BITS - ok
09:46:25.0625 4020 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:46:25.0656 4020 Browser - ok
09:46:25.0687 4020 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:46:25.0718 4020 BthEnum - ok
09:46:25.0750 4020 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:46:25.0765 4020 BthPan - ok
09:46:25.0812 4020 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
09:46:25.0843 4020 BTHPORT - ok
09:46:25.0875 4020 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
09:46:25.0906 4020 BthServ - ok
09:46:25.0953 4020 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:46:25.0968 4020 BTHUSB - ok
09:46:25.0984 4020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:46:26.0015 4020 cbidf - ok
09:46:26.0015 4020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:46:26.0015 4020 cbidf2k - ok
09:46:26.0031 4020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:46:26.0046 4020 cd20xrnt - ok
09:46:26.0062 4020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:46:26.0078 4020 Cdaudio - ok
09:46:26.0093 4020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:46:26.0125 4020 Cdfs - ok
09:46:26.0156 4020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:46:26.0203 4020 Cdrom - ok
09:46:26.0203 4020 Changer - ok
09:46:26.0250 4020 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:46:26.0281 4020 CiSvc - ok
09:46:26.0343 4020 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:46:26.0390 4020 ClipSrv - ok
09:46:26.0437 4020 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:46:26.0468 4020 clr_optimization_v2.0.50727_32 - ok
09:46:26.0484 4020 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:46:26.0500 4020 CmBatt - ok
09:46:26.0515 4020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:46:26.0531 4020 CmdIde - ok
09:46:26.0531 4020 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:46:26.0546 4020 Compbatt - ok
09:46:26.0593 4020 COMSysApp - ok
09:46:26.0609 4020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:46:26.0625 4020 Cpqarray - ok
09:46:26.0671 4020 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:46:26.0703 4020 CryptSvc - ok
09:46:26.0734 4020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:46:26.0765 4020 dac2w2k - ok
09:46:26.0781 4020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:46:26.0796 4020 dac960nt - ok
09:46:26.0859 4020 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:46:26.0875 4020 DcomLaunch - ok
09:46:26.0890 4020 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:46:26.0890 4020 Dhcp - ok
09:46:26.0906 4020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:46:26.0937 4020 Disk - ok
09:46:26.0937 4020 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
09:46:26.0968 4020 DKbFltr - ok
09:46:27.0015 4020 dmadmin - ok
09:46:27.0078 4020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:46:27.0140 4020 dmboot - ok
09:46:27.0156 4020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:46:27.0187 4020 dmio - ok
09:46:27.0203 4020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:46:27.0203 4020 dmload - ok
09:46:27.0250 4020 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:46:27.0265 4020 dmserver - ok
09:46:27.0281 4020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:46:27.0312 4020 DMusic - ok
09:46:27.0328 4020 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:46:27.0359 4020 Dnscache - ok
09:46:27.0421 4020 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:46:27.0468 4020 Dot3svc - ok
09:46:27.0468 4020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:46:27.0500 4020 dpti2o - ok
09:46:27.0515 4020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:46:27.0531 4020 drmkaud - ok
09:46:27.0562 4020 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:46:27.0593 4020 EapHost - ok
09:46:27.0609 4020 EMSCR (5aee9eedcfbf2b0f9dec53c27ee722a3) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
09:46:27.0656 4020 EMSCR - ok
09:46:27.0671 4020 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
09:46:27.0687 4020 EpmPsd - ok
09:46:27.0703 4020 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
09:46:27.0718 4020 EpmShd - ok
09:46:27.0781 4020 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:46:27.0812 4020 ERSvc - ok
09:46:27.0812 4020 ESDCR (8e56ab21d10c368029cea57de47d79c2) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
09:46:27.0843 4020 ESDCR - ok
09:46:27.0859 4020 ESMCR (0a58fade5e12d3a611427292073362cb) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
09:46:27.0875 4020 ESMCR - ok
09:46:27.0937 4020 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:46:27.0984 4020 Eventlog - ok
09:46:28.0015 4020 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:46:28.0062 4020 EventSystem - ok
09:46:28.0140 4020 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
09:46:28.0187 4020 EvtEng - ok
09:46:28.0203 4020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:46:28.0234 4020 Fastfat - ok
09:46:28.0265 4020 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:46:28.0296 4020 FastUserSwitchingCompatibility - ok
09:46:28.0375 4020 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
09:46:28.0421 4020 Fax - ok
09:46:28.0437 4020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:46:28.0468 4020 Fdc - ok
09:46:28.0484 4020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:46:28.0515 4020 Fips - ok
09:46:28.0515 4020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:46:28.0546 4020 Flpydisk - ok
09:46:28.0562 4020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:46:28.0593 4020 FltMgr - ok
09:46:28.0671 4020 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:46:28.0687 4020 FontCache3.0.0.0 - ok
09:46:28.0687 4020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:46:28.0718 4020 Fs_Rec - ok
09:46:28.0734 4020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:46:28.0765 4020 Ftdisk - ok
09:46:28.0781 4020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:46:28.0812 4020 Gpc - ok
09:46:28.0843 4020 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:46:28.0843 4020 HDAudBus - ok
09:46:28.0906 4020 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:46:28.0921 4020 helpsvc - ok
09:46:28.0984 4020 HidServ - ok
09:46:29.0015 4020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:46:29.0031 4020 HidUsb - ok
09:46:29.0093 4020 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:46:29.0140 4020 hkmsvc - ok
09:46:29.0140 4020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:46:29.0171 4020 hpn - ok
09:46:29.0187 4020 HSFHWAZL (a902a7e76c245210eee9ef5185158e9c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:46:29.0218 4020 HSFHWAZL - ok
09:46:29.0265 4020 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:46:29.0359 4020 HSF_DPV - ok
09:46:29.0500 4020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:46:29.0500 4020 HTTP - ok
09:46:29.0531 4020 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:46:29.0531 4020 HTTPFilter - ok
09:46:29.0562 4020 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:46:29.0578 4020 i2omgmt - ok
09:46:29.0593 4020 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:46:29.0609 4020 i2omp - ok
09:46:29.0640 4020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:46:29.0671 4020 i8042prt - ok
09:46:29.0750 4020 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:46:29.0812 4020 ialm - ok
09:46:29.0921 4020 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:46:30.0062 4020 idsvc - ok
09:46:30.0125 4020 IERA (9ae728273f7fac488c157939b1be51ba) C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
09:46:30.0187 4020 IERA - ok
09:46:30.0250 4020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:46:30.0281 4020 Imapi - ok
09:46:30.0343 4020 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:46:30.0421 4020 ImapiService - ok
09:46:30.0437 4020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:46:30.0453 4020 ini910u - ok
09:46:30.0468 4020 int15.sys - ok
09:46:30.0703 4020 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:46:30.0875 4020 IntcAzAudAddService - ok
09:46:30.0984 4020 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:46:31.0000 4020 IntelIde - ok
09:46:31.0015 4020 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:46:31.0015 4020 intelppm - ok
09:46:31.0046 4020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:46:31.0078 4020 Ip6Fw - ok
09:46:31.0109 4020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:46:31.0125 4020 IpFilterDriver - ok
09:46:31.0171 4020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:46:31.0218 4020 IpInIp - ok
09:46:31.0234 4020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:46:31.0234 4020 IpNat - ok
09:46:31.0250 4020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:46:31.0296 4020 IPSec - ok
09:46:31.0343 4020 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:46:31.0375 4020 irda - ok
09:46:31.0406 4020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:46:31.0421 4020 IRENUM - ok
09:46:31.0500 4020 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
09:46:31.0531 4020 Irmon - ok
09:46:31.0562 4020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:46:31.0593 4020 isapnp - ok
09:46:31.0625 4020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:46:31.0640 4020 Kbdclass - ok
09:46:31.0671 4020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:46:31.0671 4020 kmixer - ok
09:46:31.0687 4020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:46:31.0734 4020 KSecDD - ok
09:46:31.0765 4020 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:46:31.0781 4020 lanmanserver - ok
09:46:31.0828 4020 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:46:31.0859 4020 lanmanworkstation - ok
09:46:31.0875 4020 lbrtfdc - ok
09:46:31.0937 4020 LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:46:32.0031 4020 LightScribeService - ok
09:46:32.0046 4020 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:46:32.0062 4020 LmHosts - ok
09:46:32.0109 4020 massfilter (59f57b06d1e3c7a3f22d62c7c5b4c3c3) C:\WINDOWS\system32\drivers\massfilter.sys
09:46:32.0125 4020 massfilter - ok
09:46:32.0140 4020 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:46:32.0171 4020 mdmxsdk - ok
09:46:32.0218 4020 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:46:32.0250 4020 Messenger - ok
09:46:32.0265 4020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:46:32.0281 4020 mnmdd - ok
09:46:32.0312 4020 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:46:32.0390 4020 mnmsrvc - ok
09:46:32.0406 4020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:46:32.0406 4020 Modem - ok
09:46:32.0437 4020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:46:32.0468 4020 Mouclass - ok
09:46:32.0484 4020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:46:32.0500 4020 mouhid - ok
09:46:32.0531 4020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:46:32.0562 4020 MountMgr - ok
09:46:32.0578 4020 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:46:32.0609 4020 MpFilter - ok
09:46:32.0734 4020 MpKsl7d315408 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85616E90-85BF-4B2A-942E-4386B1E727F5}\MpKsl7d315408.sys
09:46:32.0734 4020 MpKsl7d315408 - ok
09:46:32.0750 4020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:46:32.0765 4020 mraid35x - ok
09:46:32.0796 4020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:46:32.0812 4020 MRxDAV - ok
09:46:32.0859 4020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:46:32.0921 4020 MRxSmb - ok
09:46:33.0000 4020 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:46:33.0015 4020 MSDTC - ok
09:46:33.0046 4020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:46:33.0125 4020 Msfs - ok
09:46:33.0187 4020 MSIServer - ok
09:46:33.0203 4020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:46:33.0234 4020 MSKSSRV - ok
09:46:33.0296 4020 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:46:33.0312 4020 MsMpSvc - ok
09:46:33.0328 4020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:46:33.0343 4020 MSPCLOCK - ok
09:46:33.0359 4020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:46:33.0375 4020 MSPQM - ok
09:46:33.0390 4020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:46:33.0390 4020 mssmbios - ok
09:46:33.0406 4020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:46:33.0437 4020 Mup - ok
09:46:33.0515 4020 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:46:33.0578 4020 napagent - ok
09:46:33.0609 4020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:46:33.0656 4020 NDIS - ok
09:46:33.0687 4020 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
09:46:33.0703 4020 NdisFilt - ok
09:46:33.0718 4020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:46:33.0734 4020 NdisTapi - ok
09:46:33.0750 4020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:46:33.0781 4020 Ndisuio - ok
09:46:33.0796 4020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:46:33.0843 4020 NdisWan - ok
09:46:33.0859 4020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:46:33.0875 4020 NDProxy - ok
09:46:33.0906 4020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:46:33.0937 4020 NetBIOS - ok
09:46:33.0968 4020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:46:34.0000 4020 NetBT - ok
09:46:34.0062 4020 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:46:34.0140 4020 NetDDE - ok
09:46:34.0156 4020 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:46:34.0156 4020 NetDDEdsdm - ok
09:46:34.0187 4020 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:46:34.0218 4020 Netlogon - ok
09:46:34.0250 4020 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:46:34.0250 4020 Netman - ok
09:46:34.0281 4020 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
09:46:34.0312 4020 NETMNT - ok
09:46:34.0390 4020 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:46:34.0421 4020 NetTcpPortSharing - ok
09:46:34.0437 4020 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:46:34.0484 4020 NIC1394 - ok
09:46:34.0531 4020 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:46:34.0531 4020 Nla - ok
09:46:34.0578 4020 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
09:46:34.0593 4020 NPF - ok
09:46:34.0609 4020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:46:34.0640 4020 Npfs - ok
09:46:34.0718 4020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:46:34.0765 4020 Ntfs - ok
09:46:34.0781 4020 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
09:46:34.0796 4020 NTIDrvr - ok
09:46:34.0828 4020 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:46:34.0828 4020 NtLmSsp - ok
09:46:34.0921 4020 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:46:34.0984 4020 NtmsSvc - ok
09:46:34.0984 4020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:46:35.0000 4020 Null - ok
09:46:35.0281 4020 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:46:35.0468 4020 nv - ok
09:46:35.0640 4020 NVSvc (6d88c26bf33d2b8404f01cecbdd47d3a) C:\WINDOWS\system32\nvsvc32.exe
09:46:35.0703 4020 NVSvc - ok
09:46:35.0734 4020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:46:35.0750 4020 NwlnkFlt - ok
09:46:35.0765 4020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:46:35.0796 4020 NwlnkFwd - ok
09:46:35.0906 4020 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:46:36.0000 4020 odserv - ok
09:46:36.0031 4020 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:46:36.0062 4020 ohci1394 - ok
09:46:36.0078 4020 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
09:46:36.0109 4020 OsaFsLoc - ok
09:46:36.0140 4020 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
09:46:36.0156 4020 osaio - ok
09:46:36.0187 4020 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
09:46:36.0203 4020 osanbm - ok
09:46:36.0234 4020 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:46:36.0296 4020 ose - ok
09:46:36.0328 4020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:46:36.0390 4020 Parport - ok
09:46:36.0390 4020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:46:36.0406 4020 PartMgr - ok
09:46:36.0437 4020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:46:36.0453 4020 ParVdm - ok
09:46:36.0500 4020 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
09:46:36.0531 4020 PCASp50 - ok
09:46:36.0546 4020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:46:36.0578 4020 PCI - ok
09:46:36.0593 4020 PCIDump - ok
09:46:36.0609 4020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:46:36.0625 4020 PCIIde - ok
09:46:36.0640 4020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:46:36.0671 4020 Pcmcia - ok
09:46:36.0671 4020 PDCOMP - ok
09:46:36.0687 4020 PDFRAME - ok
09:46:36.0703 4020 PDRELI - ok
09:46:36.0703 4020 PDRFRAME - ok
09:46:36.0718 4020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:46:36.0750 4020 perc2 - ok
09:46:36.0750 4020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:46:36.0765 4020 perc2hib - ok
09:46:36.0828 4020 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:46:36.0843 4020 PlugPlay - ok
09:46:36.0859 4020 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:46:36.0859 4020 PolicyAgent - ok
09:46:36.0890 4020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:46:36.0921 4020 PptpMiniport - ok
09:46:36.0937 4020 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:46:36.0937 4020 ProtectedStorage - ok
09:46:36.0953 4020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:46:37.0000 4020 PSched - ok
09:46:37.0000 4020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:46:37.0031 4020 Ptilink - ok
09:46:37.0046 4020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:46:37.0062 4020 ql1080 - ok
09:46:37.0062 4020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:46:37.0093 4020 Ql10wnt - ok
09:46:37.0093 4020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:46:37.0109 4020 ql12160 - ok
09:46:37.0125 4020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:46:37.0140 4020 ql1240 - ok
09:46:37.0156 4020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:46:37.0187 4020 ql1280 - ok
09:46:37.0203 4020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:46:37.0218 4020 RasAcd - ok
09:46:37.0234 4020 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:46:37.0265 4020 RasAuto - ok
09:46:37.0281 4020 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:46:37.0312 4020 Rasirda - ok
09:46:37.0312 4020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:46:37.0343 4020 Rasl2tp - ok
09:46:37.0390 4020 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:46:37.0437 4020 RasMan - ok
09:46:37.0437 4020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:46:37.0468 4020 RasPppoe - ok
09:46:37.0484 4020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:46:37.0515 4020 Raspti - ok
09:46:37.0531 4020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:46:37.0562 4020 Rdbss - ok
09:46:37.0562 4020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:46:37.0578 4020 RDPCDD - ok
09:46:37.0609 4020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:46:37.0625 4020 rdpdr - ok
09:46:37.0671 4020 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:46:37.0750 4020 RDPWD - ok
09:46:37.0812 4020 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:46:37.0890 4020 RDSessMgr - ok
09:46:37.0906 4020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:46:37.0937 4020 redbook - ok
09:46:38.0046 4020 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
09:46:38.0125 4020 RegSrvc - ok
09:46:38.0203 4020 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:46:38.0234 4020 RemoteAccess - ok
09:46:38.0265 4020 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:46:38.0281 4020 RemoteRegistry - ok
09:46:38.0328 4020 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:46:38.0375 4020 RFCOMM - ok
09:46:38.0390 4020 rpcapd (67c607857ccd6ebffe768dad5b2ca239) C:\Program Files\WinPcap\rpcapd.exe
09:46:38.0437 4020 rpcapd - ok
09:46:38.0484 4020 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:46:38.0531 4020 RpcLocator - ok
09:46:38.0609 4020 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:46:38.0609 4020 RpcSs - ok
09:46:38.0656 4020 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:46:38.0703 4020 RSVP - ok
09:46:38.0765 4020 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
09:46:40.0687 4020 S24EventMonitor - ok
09:46:40.0703 4020 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:46:40.0734 4020 s24trans - ok
09:46:40.0765 4020 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:46:40.0765 4020 SamSs - ok
09:46:40.0828 4020 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:46:40.0875 4020 SCardSvr - ok
09:46:40.0921 4020 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:46:40.0968 4020 Schedule - ok
09:46:41.0000 4020 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:46:41.0031 4020 sdbus - ok
09:46:41.0062 4020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:46:41.0078 4020 Secdrv - ok
09:46:41.0125 4020 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:46:41.0156 4020 seclogon - ok
09:46:41.0187 4020 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:46:41.0187 4020 SENS - ok
09:46:41.0203 4020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:46:41.0281 4020 Serial - ok
09:46:41.0312 4020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:46:41.0328 4020 Sfloppy - ok
09:46:41.0375 4020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:46:41.0421 4020 SharedAccess - ok
09:46:41.0453 4020 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:46:41.0453 4020 ShellHWDetection - ok
09:46:41.0468 4020 Simbad - ok
09:46:41.0484 4020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:46:41.0515 4020 sisagp - ok
09:46:41.0562 4020 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys
09:46:41.0578 4020 SMCIRDA - ok
09:46:41.0593 4020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:46:41.0609 4020 Sparrow - ok
09:46:41.0640 4020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:46:41.0656 4020 splitter - ok
09:46:41.0687 4020 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:46:41.0718 4020 Spooler - ok
09:46:41.0734 4020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:46:41.0781 4020 sr - ok
09:46:41.0812 4020 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:46:41.0843 4020 srservice - ok
09:46:41.0875 4020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:46:41.0906 4020 Srv - ok
09:46:41.0968 4020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:46:42.0000 4020 SSDPSRV - ok
09:46:42.0062 4020 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:46:42.0125 4020 stisvc - ok
09:46:42.0156 4020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:46:42.0171 4020 swenum - ok
09:46:42.0265 4020 SwiCardDetectSvc (bc5928341e04f472cc9759a1d965e184) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
09:46:42.0375 4020 SwiCardDetectSvc - ok
09:46:42.0406 4020 swiwdmbus (ebeee5b1ecad1dad0babc60f82cb96cf) C:\WINDOWS\system32\DRIVERS\swiwdmbus.sys
09:46:42.0437 4020 swiwdmbus - ok
09:46:42.0453 4020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:46:42.0484 4020 swmidi - ok
09:46:42.0515 4020 SWNC8UA3 (d1ad925dac20520d019281d03334f50b) C:\WINDOWS\system32\DRIVERS\swnc8ua3.sys
09:46:42.0531 4020 SWNC8UA3 - ok
09:46:42.0609 4020 SwPrv - ok
09:46:42.0640 4020 SWUMXA3 (acc595933992488b5de0a5ae17019f75) C:\WINDOWS\system32\DRIVERS\swumxa3.sys
09:46:42.0671 4020 SWUMXA3 - ok
09:46:42.0687 4020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:46:42.0703 4020 symc810 - ok
09:46:42.0718 4020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:46:42.0734 4020 symc8xx - ok
09:46:42.0750 4020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:46:42.0765 4020 sym_hi - ok
09:46:42.0781 4020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:46:42.0796 4020 sym_u3 - ok
09:46:42.0812 4020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:46:42.0859 4020 sysaudio - ok
09:46:42.0921 4020 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:46:42.0984 4020 SysmonLog - ok
09:46:43.0031 4020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:46:43.0078 4020 TapiSrv - ok
09:46:43.0109 4020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:46:43.0156 4020 Tcpip - ok
09:46:43.0187 4020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:46:43.0203 4020 TDPIPE - ok
09:46:43.0218 4020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:46:43.0234 4020 TDTCP - ok
09:46:43.0250 4020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:46:43.0281 4020 TermDD - ok
09:46:43.0359 4020 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:46:43.0390 4020 TermService - ok
09:46:43.0437 4020 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:46:43.0437 4020 Themes - ok
09:46:43.0484 4020 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:46:43.0531 4020 TlntSvr - ok
09:46:43.0546 4020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:46:43.0562 4020 TosIde - ok
09:46:43.0593 4020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:46:43.0625 4020 TrkWks - ok
09:46:43.0640 4020 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
09:46:43.0656 4020 UBHelper - ok
09:46:43.0671 4020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:46:43.0718 4020 Udfs - ok
09:46:43.0734 4020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:46:43.0750 4020 ultra - ok
09:46:43.0828 4020 UnlockerDriver5 (0f8c01ec10588c0bd2e319df3d4c04fc) C:\Program Files\Unlocker\UnlockerDriver5.sys
09:46:43.0843 4020 UnlockerDriver5 - ok
09:46:43.0890 4020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:46:43.0906 4020 Update - ok
09:46:43.0984 4020 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:46:44.0015 4020 upnphost - ok
09:46:44.0078 4020 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:46:44.0140 4020 UPS - ok
09:46:44.0171 4020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:46:44.0187 4020 usbehci - ok
09:46:44.0218 4020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:46:44.0265 4020 usbhub - ok
09:46:44.0281 4020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:46:44.0312 4020 USBSTOR - ok
09:46:44.0328 4020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:46:44.0343 4020 usbuhci - ok
09:46:44.0359 4020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:46:44.0375 4020 VgaSave - ok
09:46:44.0390 4020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:46:44.0437 4020 viaagp - ok
09:46:44.0437 4020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:46:44.0453 4020 ViaIde - ok
09:46:44.0468 4020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:46:44.0500 4020 VolSnap - ok
09:46:44.0562 4020 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:46:44.0609 4020 VSS - ok
09:46:44.0640 4020 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:46:44.0671 4020 W32Time - ok
09:46:44.0812 4020 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
09:46:44.0828 4020 w39n51 - ok
09:46:44.0953 4020 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files\Wajam\Updater\WajamUpdater.exe
09:46:45.0000 4020 WajamUpdater - ok
09:46:45.0015 4020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:46:45.0046 4020 Wanarp - ok
09:46:45.0046 4020 WDICA - ok
09:46:45.0109 4020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:46:45.0140 4020 wdmaud - ok
09:46:45.0468 4020 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:46:45.0500 4020 WebClient - ok
09:46:45.0562 4020 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:46:45.0593 4020 winachsf - ok
09:46:45.0640 4020 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
09:46:45.0656 4020 WinDefend - ok
09:46:45.0703 4020 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:46:45.0750 4020 winmgmt - ok
09:46:45.0812 4020 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
09:46:45.0843 4020 WmdmPmSN - ok
09:46:45.0906 4020 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:46:45.0906 4020 Wmi - ok
09:46:45.0921 4020 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:46:45.0937 4020 WmiAcpi - ok
09:46:45.0984 4020 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:46:46.0062 4020 WmiApSrv - ok
09:46:46.0093 4020 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:46:46.0140 4020 wscsvc - ok
09:46:46.0218 4020 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:46:46.0218 4020 wuauserv - ok
09:46:46.0296 4020 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:46:46.0296 4020 WZCSVC - ok
09:46:46.0375 4020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:46:46.0406 4020 xmlprov - ok
09:46:46.0453 4020 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
09:46:49.0765 4020 \Device\Harddisk0\DR0 - ok
09:46:49.0765 4020 Boot (0x1200) (7756b1b70cece02eb83134478866e973) \Device\Harddisk0\DR0\Partition0
09:46:49.0765 4020 \Device\Harddisk0\DR0\Partition0 - ok
09:46:49.0796 4020 Boot (0x1200) (c1702c837e734e719d4ee5a13b4e4251) \Device\Harddisk0\DR0\Partition1
09:46:49.0796 4020 \Device\Harddisk0\DR0\Partition1 - ok
09:46:49.0796 4020 ============================================================
09:46:49.0796 4020 Scan finished
09:46:49.0796 4020 ============================================================
09:46:49.0812 2392 Detected object count: 0
09:46:49.0812 2392 Actual detected object count: 0

RonnieJo

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2012-07-12
Operating System : Windows XP

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by houndmom on Sun 22 Jul 2012, 1:03 am

Did you run combofix? I also need to see those results.
Thanks

houndmom

Tech Advisor
Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

View user profile

Back to top Go down

Re: TrojanClicker: Win 32 Yabector.gen

Post by Sponsored content Today at 11:29 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum