
Error 10050


  • This topic is locked
14 replies to this topic

#1 judicator

Posted 30 March 2012 - 04:59 PM

Hi all,

i recently got an infection (crypt.aqlw + generic26.bhlg + stuff) that i probably luckily got rid of using avast boot scan.

the miserable thing is, that i am not able to go online any more.

i figured out, that it is somehow connected to the windows firewall which i can not start.
when i try to start it, it states that the Internet Connection Sharing service can not be started: not even manually... i keep receiving the mentioned error code 10050.

i read through half the internet, but was not able to sort the issue out.

would be really glad to receive any help...

tx in advance!

Edited by hamluis, 30 March 2012 - 05:48 PM.
Moved from XP to Am I Infected.




#2 boopme

Posted 30 March 2012 - 08:00 PM

Hello, let's see if we can find it.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by boopme, 30 March 2012 - 08:01 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 judicator

Posted 01 April 2012 - 01:02 AM

Hi,

thanks for the response!
(I thought, the virus is gone, but AVG reported afd.sys as infected --> Although it won't do anything with it. Can you pls comment on it as well? Tx!)

I ran the tool, the log is here:

Farbar Service Scanner Version: 01-03-2012
Ran by Dave (administrator) on 01-04-2012 at 07:44:00
Running from "E:\6 Installers\51 Rendszereszközök\Farbar Service Scanner"
Microsoft Windows XP Professional Szervizcsomag 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0126464 ____A (Microsoft Corporation) 88A08B697755D99FFCF229E3E773B21E

C:\WINDOWS\system32\Drivers\afd.sys
[2003-04-25 14:00] - [2008-04-13 12:19] - 0138112 ____A () B1F274C917AD0AF2BEE5A9CC2332DBB1

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0045568 ____A (Microsoft Corporation) A8E952263DED30FD5BD91E085A95FF98

C:\WINDOWS\system32\ipnathlp.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0330752 ____A (Microsoft Corporation) 0D9AF293975F4565A53DB8876E0304CD

C:\WINDOWS\system32\netman.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0198144 ____A (Microsoft Corporation) B27FCDC1175C84CCCEC8A543B9A2099A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-10-23 02:05] - [2008-04-14 09:02] - 0145408 ____A (Microsoft Corporation) C0434C31A059EB92FF378DF3E60B9967

C:\WINDOWS\system32\srsvc.dll
[2008-10-23 02:06] - [2008-04-14 09:02] - 0171520 ____A (Microsoft Corporation) 58B62B642DEB5D9BC712269BF33073FA

C:\WINDOWS\system32\Drivers\sr.sys
[2008-10-23 02:06] - [2008-04-14 08:44] - 0073472 ____A (Microsoft Corporation) 38E904FB6139945822B929EAF2570CA5

C:\WINDOWS\system32\wscsvc.dll
[2008-10-23 02:27] - [2008-04-14 09:02] - 0080896 ____N (Microsoft Corporation) BC50F125804F7E5E2CCBCB2E008C57CE

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-10-23 02:05] - [2008-04-14 09:02] - 0145408 ____A (Microsoft Corporation) C0434C31A059EB92FF378DF3E60B9967

C:\WINDOWS\system32\wuauserv.dll
[2008-10-23 02:05] - [2008-04-14 09:02] - 0006656 ____A (Microsoft Corporation) 92F33CF2ED203160B68C16C51074D531

C:\WINDOWS\system32\qmgr.dll
[2008-10-23 02:06] - [2008-04-14 09:02] - 0409088 ____A (Microsoft Corporation) 15C6AF3ABC00614E6D0031A9C0C4650D

C:\WINDOWS\system32\es.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0246272 ____A (Microsoft Corporation) 63D8CC6C7C32FCF9AC3C697FCE8071F3

C:\WINDOWS\system32\cryptsvc.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0062464 ____A (Microsoft Corporation) 13CB7FC794D005D60712FDD9F1362235

C:\WINDOWS\system32\svchost.exe
[2003-04-25 14:00] - [2008-04-14 09:02] - 0014336 ____A (Microsoft Corporation) 05194D8A92CF7E559C1A38FC134C966A

C:\WINDOWS\system32\rpcss.dll
[2003-04-25 14:00] - [2008-04-14 09:02] - 0399360 ____A (Microsoft Corporation) 8F42DABD55C66EB0BB41E4F9AD68EE42

C:\WINDOWS\system32\services.exe
[2003-04-25 14:00] - [2008-04-14 09:02] - 0109056 ____A (Microsoft Corporation) A4F2504691E6B273EB901EACA253C05F


Extra List:
=======
Avgtdix(10) Bridge(9) BridgeMP(8) Gpc(3) IPSec(5) NetBT(6) networx(91) PSched(7) Tcpip(4)
0x0C00000005000000010000000200000003000000040000005B0000005A0000000B0000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Thanks for the help!
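
A triage pass over a log in the layout posted above, as an added example that is not part of the original thread and not Farbar's own code: it pulls out services reported as not running, missing service registry keys, non-default start types, and checked files whose vendor field is empty (as with afd.sys in this log). Treating an empty vendor field as worth a closer look is an assumption of this example; the function and constant names are hypothetical, and the sample input is an excerpt of the log in the post.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above (most entries omitted).
SAMPLE_LOG = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2003-04-25 14:00] - [2008-04-14 09:01] - 0126464 ____A (Microsoft Corporation) 88A08B697755D99FFCF229E3E773B21E

C:\WINDOWS\system32\Drivers\afd.sys
[2003-04-25 14:00] - [2008-04-13 12:19] - 0138112 ____A () B1F274C917AD0AF2BEE5A9CC2332DBB1

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
"""

# Line shapes taken from the log layout shown in the post.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"Attention! Unable to open (\S+) registry key")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
# [created] - [modified] - size attributes (vendor) MD5
FILE_DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \((.*?)\) ([0-9A-Fa-f]{32})$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Return a de-duplicated, ordered list of (kind, subject, detail) findings."""
    findings = []
    current_path = None  # path line waiting for its detail line

    def add(kind, subject, detail):
        item = (kind, subject, detail)
        if item not in findings:  # the tool repeats the same warning per check
            findings.append(item)

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            add("service-not-running", m.group(1), "")
        elif m := MISSING_KEY.search(line):
            add("service-key-missing", m.group(1), "")
        elif m := START_TYPE.match(line):
            add("start-type-changed", m.group(1),
                f"{m.group(2)} (default {m.group(3)})")
        elif " => " in line:
            # "path => MD5 is legit": the tool already matched a known hash.
            current_path = None
        elif DRIVE_PATH.match(line):
            current_path = line
        elif (m := FILE_DETAIL.match(line)) and current_path:
            vendor, md5 = m.group(1).strip(), m.group(2)
            if not vendor:
                # Assumption of this example: an empty vendor field on a
                # system file is a lead to verify, not a verdict.
                add("file-no-vendor", current_path, md5)
            current_path = None
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {subject} {detail}".rstrip())
```
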

#4 boopme

Posted 01 April 2012 - 04:40 PM

OK. First we have to make sure malware is not stopping all these still.
Please run these and see.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 judicator

Posted 01 April 2012 - 06:22 PM

Hi,

I ran the tools (updating was a bit complicated since i had no internet), but i managed...

Here is some summary:
- avast is not finding anything since the boot-time scan yesterday. but avg reports the same file to be corrupted again and again: "c:\windows\system32\drivers\afd.sys" although nothing "virus-like" happens since. the sys file (when opened in notepad) has inside it the following text: "this file was sanitized by avast! antivirus". maybe this editing triggers avg?...

- Malwarebytes found 5 registry entries which it cured.

- TDSSKiller found some sort of service "sptd" which it found suspicious. i skipped the warning. reboot was not necessary.

- aswMBR found the same service "sptd" being locked. it also found some other stuff with hexa-codes which it marked with red.

and here are the logs:


Malwarebytes
__________________


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Dave :: E8400 [administrator]

Protection: Enabled

2012.04.02. 0:50:39
mbam-log-2012-04-02 (00-50-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189643
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


TDSSKiller
___________________


00:59:14.0703 0944 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:59:14.0781 0944 ============================================================
00:59:14.0781 0944 Current date / time: 2012/04/02 00:59:14.0781
00:59:14.0781 0944 SystemInfo:
00:59:14.0781 0944
00:59:14.0781 0944 OS Version: 5.1.2600 ServicePack: 3.0
00:59:14.0781 0944 Product type: Workstation
00:59:14.0781 0944 ComputerName: E8400
00:59:14.0781 0944 UserName: Dave
00:59:14.0781 0944 Windows directory: C:\WINDOWS
00:59:14.0781 0944 System windows directory: C:\WINDOWS
00:59:14.0781 0944 Processor architecture: Intel x86
00:59:14.0781 0944 Number of processors: 2
00:59:14.0781 0944 Page size: 0x1000
00:59:14.0781 0944 Boot type: Normal boot
00:59:14.0781 0944 ============================================================
00:59:15.0781 0944 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
00:59:15.0781 0944 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:59:15.0781 0944 \Device\Harddisk1\DR1:
00:59:15.0781 0944 MBR used
00:59:15.0781 0944 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x41D1881
00:59:15.0781 0944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x41D18C0, BlocksNum 0x16D3C1F0
00:59:15.0781 0944 \Device\Harddisk0\DR0:
00:59:15.0781 0944 MBR used
00:59:15.0781 0944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
00:59:15.0875 0944 Initialize success
00:59:15.0875 0944 ============================================================
00:59:30.0609 1532 ============================================================
00:59:30.0609 1532 Scan started
00:59:30.0609 1532 Mode: Manual; TDLFS;
00:59:30.0609 1532 ============================================================
00:59:34.0609 1532 mnmsrvc - ok
00:59:34.0625 1532 Modem (226b93eb15b1c819fa021a5167c5809d) C:\WINDOWS\system32\drivers\Modem.sys
00:59:34.0625 1532 Modem - ok
00:59:34.0640 1532 Mouclass (705cac1902dcd3e3181a199d7ad40d13) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:59:34.0640 1532 Mouclass - ok
00:59:34.0671 1532 mouhid (6a79cb27d0e608a45638cd9468269a3e) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:59:34.0671 1532 mouhid - ok
00:59:34.0671 1532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:59:34.0671 1532 MountMgr - ok
00:59:34.0687 1532 mraid35x - ok
00:59:34.0703 1532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:59:34.0703 1532 MRxDAV - ok
00:59:34.0718 1532 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:59:34.0718 1532 MRxSmb - ok
00:59:34.0750 1532 MSDTC (95468a97bb0cabca3baa14d2f25adf58) C:\WINDOWS\System32\msdtc.exe
00:59:34.0750 1532 MSDTC - ok
00:59:34.0765 1532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:59:34.0765 1532 Msfs - ok
00:59:34.0765 1532 MSIServer - ok
00:59:34.0796 1532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:59:34.0796 1532 MSKSSRV - ok
00:59:34.0796 1532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:59:34.0796 1532 MSPCLOCK - ok
00:59:34.0812 1532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:59:34.0812 1532 MSPQM - ok
00:59:34.0828 1532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:59:34.0828 1532 mssmbios - ok
00:59:34.0843 1532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
00:59:34.0843 1532 Mup - ok
00:59:34.0875 1532 napagent (ba626dd0478f59e6d841b5ba136f7851) C:\WINDOWS\System32\qagentrt.dll
00:59:34.0875 1532 napagent - ok
00:59:34.0890 1532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:59:34.0890 1532 NDIS - ok
00:59:34.0906 1532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:59:34.0906 1532 NdisTapi - ok
00:59:34.0921 1532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:59:34.0921 1532 Ndisuio - ok
00:59:34.0937 1532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:59:34.0937 1532 NdisWan - ok
00:59:34.0953 1532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
00:59:34.0953 1532 NDProxy - ok
00:59:34.0968 1532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:59:34.0968 1532 NetBIOS - ok
00:59:34.0968 1532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:59:34.0984 1532 NetBT - ok
00:59:35.0000 1532 NetDDE (760dca57a43ee12a544d3c4c172944f1) C:\WINDOWS\system32\netdde.exe
00:59:35.0015 1532 NetDDE - ok
00:59:35.0015 1532 NetDDEdsdm (760dca57a43ee12a544d3c4c172944f1) C:\WINDOWS\system32\netdde.exe
00:59:35.0015 1532 NetDDEdsdm - ok
00:59:35.0046 1532 Netlogon (21844f6da13ece4737d0b7524edeb6ec) C:\WINDOWS\System32\lsass.exe
00:59:35.0046 1532 Netlogon - ok
00:59:35.0062 1532 Netman (b27fcdc1175c84cccec8a543b9a2099a) C:\WINDOWS\System32\netman.dll
00:59:35.0062 1532 Netman - ok
00:59:35.0078 1532 NetTcpActivator - ok
00:59:35.0140 1532 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:59:35.0140 1532 NetTcpPortSharing - ok
00:59:35.0171 1532 networx (323d4ca30902a190197e7dc39f12a251) C:\WINDOWS\system32\drivers\networx.sys
00:59:35.0171 1532 networx - ok
00:59:35.0187 1532 Nla (4c1d3961bba71cdd963c0253ab581d22) C:\WINDOWS\System32\mswsock.dll
00:59:35.0187 1532 Nla - ok
00:59:35.0265 1532 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
00:59:35.0265 1532 nosGetPlusHelper - ok
00:59:35.0296 1532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:59:35.0296 1532 Npfs - ok
00:59:35.0312 1532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:59:35.0328 1532 Ntfs - ok
00:59:35.0328 1532 NtLmSsp (21844f6da13ece4737d0b7524edeb6ec) C:\WINDOWS\System32\lsass.exe
00:59:35.0343 1532 NtLmSsp - ok
00:59:35.0359 1532 NtmsSvc (7bcab6a25f1dcab6057b94afd308703d) C:\WINDOWS\system32\ntmssvc.dll
00:59:35.0375 1532 NtmsSvc - ok
00:59:35.0375 1532 ntsecure - ok
00:59:35.0390 1532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:59:35.0390 1532 Null - ok
00:59:35.0562 1532 nv (b961fa7cdb31e7f6d97185d8763a1267) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:59:35.0593 1532 nv - ok
00:59:35.0671 1532 NVSvc (8314b51e228e23beb34312795e10f2c2) C:\WINDOWS\system32\nvsvc32.exe
00:59:35.0671 1532 NVSvc - ok
00:59:35.0703 1532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:59:35.0703 1532 NwlnkFlt - ok
00:59:35.0718 1532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:59:35.0718 1532 NwlnkFwd - ok
00:59:35.0718 1532 NwSapAgent - ok
00:59:35.0796 1532 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:59:35.0796 1532 odserv - ok
00:59:35.0796 1532 omniinet - ok
00:59:35.0812 1532 oracleorahomeagent - ok
00:59:35.0843 1532 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:59:35.0843 1532 ose - ok
00:59:35.0859 1532 PAC7302 - ok
00:59:35.0890 1532 Parport (632f154061074a9a1b75ecbba89d8d42) C:\WINDOWS\system32\DRIVERS\parport.sys
00:59:35.0890 1532 Parport - ok
00:59:35.0906 1532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:59:35.0906 1532 PartMgr - ok
00:59:35.0937 1532 ParVdm (4df92a889e7fe15ed3834d288a0271f5) C:\WINDOWS\system32\drivers\ParVdm.sys
00:59:35.0937 1532 ParVdm - ok
00:59:35.0953 1532 PCI (b4a9c91cfdd5c68e2e48c0754e3a88f9) C:\WINDOWS\system32\DRIVERS\pci.sys
00:59:35.0953 1532 PCI - ok
00:59:35.0953 1532 PCIDump - ok
00:59:35.0968 1532 PCIIde (fbf3cc42488fd2ce49f9427240cd5809) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:59:35.0968 1532 PCIIde - ok
00:59:35.0984 1532 Pcmcia (3defb381b9cdca9d4375bd37a3c0189b) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:59:35.0984 1532 Pcmcia - ok
00:59:36.0000 1532 PDCOMP - ok
00:59:36.0000 1532 PDFRAME - ok
00:59:36.0015 1532 PDRELI - ok
00:59:36.0015 1532 PDRFRAME - ok
00:59:36.0031 1532 perc2 - ok
00:59:36.0031 1532 perc2hib - ok
00:59:36.0062 1532 PlugPlay (a4f2504691e6b273eb901eaca253c05f) C:\WINDOWS\system32\services.exe
00:59:36.0062 1532 PlugPlay - ok
00:59:36.0093 1532 PolicyAgent (21844f6da13ece4737d0b7524edeb6ec) C:\WINDOWS\System32\lsass.exe
00:59:36.0093 1532 PolicyAgent - ok
00:59:36.0109 1532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:59:36.0109 1532 PptpMiniport - ok
00:59:36.0125 1532 Processor (545fb7671a581085fb70dee465c3d980) C:\WINDOWS\system32\DRIVERS\processr.sys
00:59:36.0125 1532 Processor - ok
00:59:36.0125 1532 ProtectedStorage (21844f6da13ece4737d0b7524edeb6ec) C:\WINDOWS\system32\lsass.exe
00:59:36.0125 1532 ProtectedStorage - ok
00:59:36.0140 1532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:59:36.0140 1532 PSched - ok
00:59:36.0171 1532 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys
00:59:36.0171 1532 PSSDK42 - ok
00:59:36.0187 1532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:59:36.0187 1532 Ptilink - ok
00:59:36.0203 1532 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:59:36.0203 1532 PxHelp20 - ok
00:59:36.0203 1532 ql1080 - ok
00:59:36.0218 1532 Ql10wnt - ok
00:59:36.0234 1532 ql12160 - ok
00:59:36.0234 1532 ql1240 - ok
00:59:36.0250 1532 ql1280 - ok
00:59:36.0265 1532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:59:36.0265 1532 RasAcd - ok
00:59:36.0281 1532 RasAuto (99056dedcecd84c97199df04b0c2a06c) C:\WINDOWS\System32\rasauto.dll
00:59:36.0281 1532 RasAuto - ok
00:59:36.0296 1532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:59:36.0296 1532 Rasl2tp - ok
00:59:36.0312 1532 RasMan (06bde13f36b12b0732160815d4dee293) C:\WINDOWS\System32\rasmans.dll
00:59:36.0312 1532 RasMan - ok
00:59:36.0328 1532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:59:36.0328 1532 RasPppoe - ok
00:59:36.0343 1532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:59:36.0343 1532 Raspti - ok
00:59:36.0359 1532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:59:36.0359 1532 Rdbss - ok
00:59:36.0359 1532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:59:36.0359 1532 RDPCDD - ok
00:59:36.0390 1532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:59:36.0390 1532 rdpdr - ok
00:59:36.0406 1532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
00:59:36.0406 1532 RDPWD - ok
00:59:36.0421 1532 RDSessMgr (021ecf2d4cf03ff4f6f7fb55bce980b7) C:\WINDOWS\system32\sessmgr.exe
00:59:36.0421 1532 RDSessMgr - ok
00:59:36.0453 1532 redbook (3c706fd765482112c3a6d42e1d7b58bb) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:59:36.0453 1532 redbook - ok
00:59:36.0468 1532 RemoteAccess (48330a8af52d0fbfa8ed9b25af882eb1) C:\WINDOWS\System32\mprdim.dll
00:59:36.0468 1532 RemoteAccess - ok
00:59:36.0484 1532 RemoteRegistry (523a1fafa0b72c5d865e0c15149c3ce1) C:\WINDOWS\system32\regsvc.dll
00:59:36.0484 1532 RemoteRegistry - ok
00:59:36.0515 1532 RpcLocator (a60d90c4e394f350d0fe26976839e10b) C:\WINDOWS\System32\locator.exe
00:59:36.0515 1532 RpcLocator - ok
00:59:36.0531 1532 RpcSs (8f42dabd55c66eb0bb41e4f9ad68ee42) C:\WINDOWS\System32\rpcss.dll
00:59:36.0531 1532 RpcSs - ok
00:59:36.0562 1532 RSVP (f11743652869182b2a0ad40ee16e914c) C:\WINDOWS\System32\rsvp.exe
00:59:36.0562 1532 RSVP - ok
00:59:36.0578 1532 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
00:59:36.0578 1532 rtl8139 - ok
00:59:36.0609 1532 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:59:36.0609 1532 RTLE8023xp - ok
00:59:36.0640 1532 SamSs (21844f6da13ece4737d0b7524edeb6ec) C:\WINDOWS\system32\lsass.exe
00:59:36.0640 1532 SamSs - ok
00:59:36.0656 1532 SCardSvr (47a1586f642c33b2300d8ac9822ec5e6) C:\WINDOWS\System32\SCardSvr.exe
00:59:36.0656 1532 SCardSvr - ok
00:59:36.0687 1532 Schedule (2e1b2df1abe710e2928ae095a2416ca2) C:\WINDOWS\system32\schedsvc.dll
00:59:36.0687 1532 Schedule - ok
00:59:36.0703 1532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:59:36.0718 1532 Secdrv - ok
00:59:36.0734 1532 seclogon (d437de698f9301baf0fc451a4fea79eb) C:\WINDOWS\System32\seclogon.dll
00:59:36.0734 1532 seclogon - ok
00:59:36.0734 1532 SENS (d92f5928e1c76fa421cd469ccd599855) C:\WINDOWS\System32\sens.dll
00:59:36.0734 1532 SENS - ok
00:59:36.0765 1532 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
00:59:36.0765 1532 Sentinel - ok
00:59:36.0781 1532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:59:36.0781 1532 serenum - ok
00:59:36.0796 1532 Serial (87df40b4db611efbdf74c9b3eccab417) C:\WINDOWS\system32\DRIVERS\serial.sys
00:59:36.0796 1532 Serial - ok
00:59:36.0812 1532 SetupNT - ok
00:59:36.0828 1532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:59:36.0828 1532 Sfloppy - ok
00:59:36.0843 1532 SharedAccess (0d9af293975f4565a53db8876e0304cd) C:\WINDOWS\System32\ipnathlp.dll
00:59:36.0843 1532 SharedAccess - ok
00:59:36.0875 1532 ShellHWDetection (b5ad66d523fb3f5f0bab3d8b623b5a51) C:\WINDOWS\System32\shsvcs.dll
00:59:36.0875 1532 ShellHWDetection - ok
00:59:36.0890 1532 Simbad - ok
00:59:36.0906 1532 SimpTcp (ab1097f0c511b1f1f7506e7467b1931d) C:\WINDOWS\System32\tcpsvcs.exe
00:59:36.0921 1532 SimpTcp - ok
00:59:36.0953 1532 SNMP (91861e9deecad3d213cb0b3175bcd66d) C:\WINDOWS\System32\snmp.exe
00:59:36.0953 1532 SNMP - ok
00:59:36.0968 1532 SNMPTRAP (6a0913b93f4a3f86e8da1ffaddafb848) C:\WINDOWS\System32\snmptrap.exe
00:59:36.0968 1532 SNMPTRAP - ok
00:59:36.0968 1532 Sparrow - ok
00:59:37.0000 1532 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
00:59:37.0000 1532 speedfan - ok
00:59:37.0031 1532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:59:37.0031 1532 splitter - ok
00:59:37.0046 1532 Spooler (75090d3ac252ed03c85b20bf9663f8de) C:\WINDOWS\system32\spoolsv.exe
00:59:37.0046 1532 Spooler - ok
00:59:37.0078 1532 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
00:59:37.0078 1532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
00:59:37.0078 1532 sptd ( LockedFile.Multi.Generic ) - warning
00:59:37.0078 1532 sptd - detected LockedFile.Multi.Generic (1)
00:59:38.0828 1532 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk1\DR1
00:59:39.0109 1532 \Device\Harddisk1\DR1 - ok
00:59:39.0109 1532 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk0\DR0
00:59:39.0171 1532 \Device\Harddisk0\DR0 - ok
00:59:39.0187 1532 Boot (0x1200) (0081c3cf3a260c611317388a0644af2e) \Device\Harddisk1\DR1\Partition0
00:59:39.0203 1532 \Device\Harddisk1\DR1\Partition0 - ok
00:59:39.0203 1532 Boot (0x1200) (8808cd35af2962bd5222262547dbd8f5) \Device\Harddisk1\DR1\Partition1
00:59:39.0218 1532 \Device\Harddisk1\DR1\Partition1 - ok
00:59:39.0218 1532 Boot (0x1200) (b6f5cc77f9a861200b15ed468ee69332) \Device\Harddisk0\DR0\Partition0
00:59:39.0218 1532 \Device\Harddisk0\DR0\Partition0 - ok
00:59:39.0218 1532 ============================================================
00:59:39.0218 1532 Scan finished
00:59:39.0218 1532 ============================================================
00:59:39.0218 3764 Detected object count: 1
00:59:39.0218 3764 Actual detected object count: 1
01:00:49.0828 3764 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:00:49.0828 3764 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:01:59.0859 2732 Deinitialize success

aswMBR
_________________
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 01:02:35
-----------------------------
01:02:35.078 OS Version: Windows 5.1.2600 Szervizcsomag 3
01:02:35.078 Number of processors: 2 586 0x170A
01:02:35.078 ComputerName: E8400 UserName: Dave
01:02:35.343 Initialize success
01:02:36.031 AVAST engine defs: 12033101
01:02:44.843 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:02:44.843 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476938MB BusType: 3
01:02:44.843 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0
01:02:44.843 Disk 1 Vendor: SAMSUNG_ Size: 238475MB BusType: 1
01:02:44.859 Disk 1 MBR read successfully
01:02:44.859 Disk 1 MBR scan
01:02:45.031 Disk 1 Windows XP default MBR code
01:02:45.031 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 33699 MB offset 63
01:02:45.203 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 187000 MB offset 69015744
01:02:45.234 Disk 1 Partition 3 00 DE Dell Utility 11634 MB offset 464304490
01:02:45.328 Disk 1 scanning sectors +488130922
01:02:45.484 Disk 1 scanning C:\WINDOWS\system32\drivers
01:03:01.062 Service scanning
01:03:06.968 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
01:03:07.734 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
01:03:09.203 Modules scanning
01:03:13.078 Disk 1 trace - called modules:
01:03:13.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7da1e8]<<
01:03:13.093 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a6ffab8]
01:03:13.093 3 CLASSPNP.SYS[ba8f8fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8a79e920]
01:03:13.093 5 ACPI.sys[ba67d620] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port4Path0Target0Lun0[0x8a7b0a38]
01:03:13.093 \Driver\JRAID[0x8a7dab00] -> IRP_MJ_CREATE -> 0x8a7da1e8
01:03:13.296 AVAST engine scan C:\WINDOWS
01:03:16.843 AVAST engine scan C:\WINDOWS\system32
01:04:16.171 AVAST engine scan C:\WINDOWS\system32\drivers
01:04:21.765 AVAST engine scan C:\Documents and Settings\Dave
01:09:18.375 AVAST engine scan C:\Documents and Settings\All Users
01:10:59.421 Scan finished successfully
01:17:30.437 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Dave\Asztal\MBR.dat"
01:17:30.437 The log file has been saved successfully to "C:\Documents and Settings\Dave\Asztal\aswMBR.txt"



thanks for the help!

bye

#6 boopme

Posted 01 April 2012 - 07:41 PM

Let's just check that AVG file if we can.

This is possibly a false positive. We should double check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file, and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


NOTE:
For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 judicator

Posted 02 April 2012 - 01:50 PM

hi,

I did the Jotti scan (btw: is it normal to copy an infected file from one computer to another to have it scanned? Did I just infect the other computer as well?)

the results:

Scanners
[ArcaVir]
2012-04-02 Found nothing
[Frisk F-Prot Antivirus]
2012-04-02 W32/SuspPack.AA.gen!Eldorado
[Avast! antivirus]
2012-04-02 Found nothing
[F-Secure Anti-Virus]
2012-04-02 Found nothing
[Grisoft AVG Anti-Virus]
2012-04-02 Corrupted
[G DATA]
2012-04-02 Found nothing
[Avira AntiVir]
2012-04-02 RKIT/ZAccess.TE
[Ikarus]
2012-04-02 Rootkit.Win32.ZAccess
[Softwin BitDefender]
2012-04-02 Found nothing
[Kaspersky Anti-Virus]
2012-04-02 Found nothing
[ClamAV]
2012-04-02 Found nothing
[Panda Antivirus]
2012-04-02 Found nothing
[CPsecure]
2012-04-02 Found nothing
[Quick Heal]
2012-04-02 Found nothing
[Dr.Web]
2012-04-02 Found nothing
[Sophos]
2012-04-02 Found nothing
[Emsisoft Anti-Malware]
2012-04-02 Rootkit.Win32.ZAccess!IK
[VirusBlokAda VBA32]
2012-04-02 Found nothing
[ESET]
2012-04-02 Found nothing
[VirusBuster]
2012-04-02 Found nothing

tx for the help!

Bye

#8 boopme

Posted 02 April 2012 - 08:17 PM

Hello. No, they open it in a virtual machine. So in a sense yes, you did infect them, but once they close your file it's all erased.

You do have a 0access infection and we need to move you and get it dug out.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic. Thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.

#9 judicator

Posted 04 April 2012 - 01:28 PM

Hi,

thanks for the response, I will post the logs.

But my question was badly formulated: I wanted to know whether I just infected this very computer I am posting from.
My original problem was, namely, that I do not have internet on my infected PC, so I could not post the file for the scan directly...

I renamed the infected file and copied it to this computer. Does it mean that this computer became infected as well?

Thanks for the info!

Bye

#10 boopme

Posted 04 April 2012 - 07:22 PM

I see. No, as you did not run the file there.

#11 judicator

Posted 05 April 2012 - 02:31 PM

Hi,

Thanks for the help, every one of you: I can go online again!

So I can go online, but the still-active Malwarebytes steadily reports contact attempts (inbound/outbound) to suspicious sites like 67.215.246.204 etc.

Does it mean that the virus still resides on my comp somewhere?

Many thanks already...

Bye

#12 boopme

Posted 05 April 2012 - 07:21 PM

This is why I want you to do the Prep Guide in post 8 to be sure there is nothing lurking that we cannot see.

#13 judicator

Posted 09 April 2012 - 12:51 PM

Yup, I'm already over it...

I followed the advice in the other topic:
ComboFix found something, I posted the log right now for analysis.

Bye

#14 judicator

Posted 10 May 2012 - 11:14 AM

Hi,

I seem to have been forgotten in my other topic that you have suggested opening: it is locked already, although I did not receive any response to my latest post...
Could you help me please?

http://www.bleepingcomputer.com/forums/topic448664.html

Thanks in advance!

Bye

#15 boopme

Posted 10 May 2012 - 06:44 PM

I reopened this topic:
http://www.bleepingcomputer.com/forums/topic448664.html/page__st__15

Please start at page 2, post 16.


Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.