Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista runs fine in safe mode, VERY slow otherwise

Started by ElectroSpecter , Jul 28 2012 07:23 AM

  • Please log in to reply
12 replies to this topic

#1 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 28 July 2012 - 07:23 AM

So a few nights ago, there was a bad storm. I turned the computer off manually (by holding the power button in) and unplugged it before the storm hit. When I turned it back on, I noticed that it was taking around 20 minutes to start up. When it gets to the point where I can open programs, it takes them forever to respond. At first I thought this was related to the storm or the way I turned the computer off. I took out the CMOS battery and let that sit for a while, thinking that might have been a problem, but it wasn't.

At this point, I'm thinking it's coincidental that this happened right when the storm hit and the problem is actually malware or something.

I have the latest version and updates for AVG, but it didn't find anything on a full computer scan. Does it sound like there's something I should be able to do?

 

  • BC Ads
  • BleepingComputer.com

#2 swagger

swagger

    Senior Member

  • Members
  • PipPipPipPip
  • 476 posts
  • Gender:Male
  • Location:South Carolina

Posted 31 July 2012 - 12:07 PM

Hello ElectroSpecter,

My name is swagger and I'll be assisting you.

Could you tell me what OS you are running?

regards,

swagger

#3 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 August 2012 - 10:53 PM

Hello as per your 3 day post,, please run these..

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




Next run Superantisypware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#4 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 02 August 2012 - 12:28 PM

Here are the results of MiniToolBox:

MiniToolBox by Farbar  Version: 23-07-2012
Ran by Aimee (administrator) on 02-08-2012 at 09:33:20
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net 127.0.0.1 ads.active.com

There are 12680 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Aimee-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ct.comcast.net.
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1C-25-87-02-F7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f1ee:9f4c:1b22:6e6d%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, August 02, 2012 9:16:42 AM
   Lease Expires . . . . . . . . . . : Friday, August 03, 2012 9:16:41 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 201333797
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-4E-A2-3B-00-1C-25-87-02-F7
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{046FDA4B-8902-4F5D-931F-1E0C82707CAA}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ct.comcast.net.
   Description . . . . . . . . . . . : isatap.hsd1.ct.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4006:802::1009
	  173.194.43.35
	  173.194.43.46
	  173.194.43.41
	  173.194.43.39
	  173.194.43.34
	  173.194.43.36
	  173.194.43.38
	  173.194.43.33
	  173.194.43.32
	  173.194.43.40
	  173.194.43.37

Pinging google.com [173.194.43.34] with 32 bytes of data:Reply from 173.194.43.34: bytes=32 time=20ms TTL=53Reply from 173.194.43.34: bytes=32 time=19ms TTL=53Ping statistics for 173.194.43.34:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 19ms, Maximum = 20ms, Average = 19msDNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  72.30.38.140
	  98.139.183.24
	  209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:Reply from 209.191.122.70: bytes=32 time=73ms TTL=50Reply from 209.191.122.70: bytes=32 time=73ms TTL=50Ping statistics for 209.191.122.70:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 73ms, Maximum = 73ms, Average = 73msServer:  cdns01.comcast.net
Address:  75.75.75.75

DNS request timed out.
    timeout was 2 seconds.
Name:    bleepingcomputer.com
Address:  208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
  8 ...00 1c 25 87 02 f7 ...... NVIDIA nForce Networking Controller
  1 ........................... Software Loopback Interface 1
 10 ...00 00 00 00 00 00 00 e0  isatap.{046FDA4B-8902-4F5D-931F-1E0C82707CAA}
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.hsd1.ct.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  8    276 fe80::/64                On-link
  8    276 fe80::f1ee:9f4c:1b22:6e6d/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2012 07:35:20 AM) (Source: Automatic LiveUpdate Scheduler) (User: NT AUTHORITY)NT AUTHORITY
Description: Informasjonsnivå: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Error: (07/28/2012 06:18:47 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 11:12:08 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 11:09:18 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2012; Hr = 0x8007043c).

Error: (07/27/2012 11:06:41 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2012; Hr = 0x8007043c).

Error: (07/27/2012 11:06:32 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2012; Hr = 0x8007043c).

Error: (07/27/2012 11:02:24 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 10:58:33 PM) (Source: MsiInstaller) (User: Aimee-PC)Aimee-PC
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1722. SA_Error1722: StandardAction(0xC00706BA): There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RegisterTuneUp, location: C:\Program Files\AVG\AVG2012\PCTuneup\MicroScanner.exe, command: -REGSERVER

Error: (07/27/2012 10:09:25 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2007 00:27:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (08/02/2012 09:31:39 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:35 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:30 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:26 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:21 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:17 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:13 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:31:08 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:30:34 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/02/2012 09:30:29 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Microsoft Office Sessions:
=========================
Error: (07/28/2012 07:35:20 AM) (Source: Automatic LiveUpdate Scheduler)(User: NT AUTHORITY)NT AUTHORITY
Description: errorInitialization of the COM subsystem failed. Error code: 0x8007041D.

Error: (07/28/2012 06:18:47 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 11:12:08 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 11:09:18 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (07/27/2012 11:06:41 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (07/27/2012 11:06:32 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20120x8007043c

Error: (07/27/2012 11:02:24 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/27/2012 10:58:33 PM) (Source: MsiInstaller)(User: Aimee-PC)Aimee-PC
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1722. SA_Error1722: StandardAction(0xC00706BA): There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RegisterTuneUp, location: C:\Program Files\AVG\AVG2012\PCTuneup\MicroScanner.exe, command: -REGSERVER (NULL)(NULL)(NULL)(NULL)

Error: (07/27/2012 10:09:25 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2007 00:27:26 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

µTorrent (Version: 1.8.0)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Media Live Encoder 3.1 (Version: 3.1.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AIM 7
AIO_Scan (Version: 90.0.222.000)
Amazon Kindle
AppCore (Version: 1.3)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVS DVD Copy version 4.1.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BitTorrent
Bonjour (Version: 3.0.0.10)
Bradford Persistent Agent (Version: 2.0.3.8)
BufferChm (Version: 90.0.146.000)
Cain & Abel v4.9.39
Cain & Abel v4.9.43
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
ccCommon (Version: 107.0.0.102)
CDisplay 1.8
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Component Framework (Version: 2006.1.3.35)
Copy (Version: 90.0.146.000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: 5.5.1019)
Desktop Doctor (Version: 2.5.5)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.11)
DJ_AIO_ProductContext (Version: 90.0.236.000)
DJ_AIO_Software (Version: 90.0.222.000)
DJ_AIO_Software_min (Version: 90.0.222.000)
DNA (Version: 2.2.2 (13666))
Download Updater (AOL LLC)
Dropbox (Version: 1.4.9)
DVD Architect Pro 5.0 (Version: 5.0.180)
Dyyno Broadcaster
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
Facebook Plug-In
FFsplit (Version: 0.3.2)
Financial Planning Software (Version: 1.00.000)
Garmin POI Loader (Version: 2.5.2.0)
Gizmos and Gadgets!
Google Chrome (Version: 21.0.1180.60)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Grand Theft Auto Vice City (Version: 1.00.000)
GSAK 8.1.0.10 (Final)
Hardware Diagnostic Tools (Version: 5.00.4589.14)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
Hex Workshop v6.6 (Version: 6.6.0.5152)
HHD Software Free Hex Editor Neo 4.97 (Version: 4.97.1.3661)
HostsMan 3.2.73 (Version: 3.2.73)
HP Active Support Library (Version: 2.3.0.2)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.4.0.2360)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Deskjet All-In-One Software 9.0 (Version: 9.0)
HP Easy Setup - Frontend (Version: 5.4.0.2430)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java(TM) 6 Update 31 (Version: 6.0.310)
Java(TM) 7 Update 5 (Version: 7.0.50)
Java(TM) SE Development Kit 6 Update 27 (Version: 1.6.0.270)
Java(TM) SE Development Kit 7 (Version: 1.7.0.0)
Java(TM) SE Development Kit 7 Update 3 (Version: 1.7.0.30)
Java(TM) SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JavaFX 2.0.3 SDK (Version: 2.0.3)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Host Checker (Version: 7.0.0.16499)
Juniper Networks Secure Application Manager (Version: 7.0.0.16499)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client (Version: 7.1.3.11013)
KG-Chart LE for Cross Stitch 1.24.04 (Version: 1.24.04)
LabelPrint (Version: 2.2.2209)
LightScribe System Software  1.10.16.1 (Version: 1.10.16.1)
LightScribe Template Labeler (Version: 1.10.13.1)
LiveUpdate (Symantec Corporation) (Version: 3.4.0.162)
LiveUpdate (Symantec Corporation) (Version: 3.4.0.164)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Minitab 15 English (Version: 15.1.30)
Move Media Player
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: HPCMPQ1902)
Norton AntiVirus (Version: 15.0.0.58)
Norton AntiVirus Help (Version: 15.0)
Norton Confidential Core (Version: 2.0.0.84)
Norton Internet Security (Symantec Corporation) (Version: 15.0.0.60)
Norton Internet Security (Version: 15.0.0.60)
Norton Protection Center (Version: 3.1.0.98)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PCStitch 10 (Version: 10.00.18)
Pinnacle Instant DVD Recorder (Version: 2.00.088)
Power2Go (Version: 5.6.3417)
PowerDirector (Version: 6.5.2209)
Project64 1.6 (Version: 1.6)
PSSWCORE (Version: 2.02.0000)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.72.80.56)
Rainlendar2 (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
RPG Maker VX (Version: 1.02)
RPG Maker VX RTP (Version: 1.02)
Scan (Version: 9.0.0.0)
Skype™ 5.10 (Version: 5.10.115)
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 90.0.146.000)
Sony Vegas 7.0 (Version: 7.0.192)
SPBBC 32bit (Version: 4.0.0.134)
Spotify (Version: 0.5.2)
Spotify (Version: 0.8.3.222.g317ab79d)
Status (Version: 90.0.146.000)
Studio 11 (Version: 11.0)
Studio 11 (Version: 11.0.0.0)
Symantec Real Time Storage Protection Component (Version: 10.2.2.6)
SymNet (Version: 8.0.3.4)
The Sims 2
The Sims™ 3 (Version: 1.0.631)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
Unity Web Player (Version: )
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 90.0.146.000)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
XSplit (Version: 1.0.1206.0203)
Yahoo! Desktop Login (Version: 1.00.0001)
Yahoo! Detect
ZoneAlarm Firewall (Version: 10.2.068.000)
ZoneAlarm LTD Toolbar
ZoneAlarm Pro (Version: 10.2.064.000)
ZoneAlarm Security (Version: 10.2.068.000)
Zune (Version: 04.02.0202.00)
Zune Language Pack (DE) (Version: 04.02.0202.00)
Zune Language Pack (ES) (Version: 04.02.0202.00)
Zune Language Pack (FR) (Version: 04.02.0202.00)
Zune Language Pack (IT) (Version: 04.02.0202.00)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1916.45 MB
Available physical RAM: 967.02 MB
Total Pagefile: 4074.93 MB
Available Pagefile: 2993.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.57 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:456.21 GB) (Free:342.12 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.55 GB) (Free:0.91 GB) NTFS
8 Drive j: () (Fixed) (Total:298.08 GB) (Free:154.17 GB) NTFS

========================= Users: ========================================

User accounts for \\AIMEE-PC

Administrator            Aimee                    Guest                    
Matt                     


**** End of log ****

Here is the log for MWB:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Aimee :: AIMEE-PC [administrator]

8/2/2012 9:53:34 AM
mbam-log-2012-08-02 (09-53-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245803
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-4095007493-1665805158-2214465134-1000\$RIA0MH8.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.

(end)

And here is the log for SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2012 at 12:57 PM

Application Version : 5.5.1012

Core Rules Database Version : 8997
Trace Rules Database Version: 6809

Scan type       : Complete Scan
Total Scan Time : 01:41:56

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 644
Memory threats detected   : 0
Registry items scanned    : 36645
Registry threats detected : 0
File items scanned        : 88341
File threats detected     : 78

Adware.Tracking Cookie
	C:\Users\Aimee\AppData\Roaming\Microsoft\Windows\Cookies\M54ZD330.txt [ /eyewonder.com ]
	insight.torbit.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lucidmedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.flagcounter.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.azjmp.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.azjmp.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.flagcounter.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bizrate.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.estat.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pcworldcommunication.122.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wstat.wibiya.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.themis-media.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.microsoftwwretailservices.112.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	media.gsimedia.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.discountelectronics.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.discountelectronics.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver.twitpic.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	my360stats.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tmobile.db.advertising.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.unionleader.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.unionleader.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.unionleader.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.unionleader.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.unionleader.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.newhampshire.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.newhampshire.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.newhampshire.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.nh365.org [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.nh365.org [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.nh365.org [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.saxounionleader.112.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.razorshift.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sixflags.122.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accountonline.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accountonline.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c1.atdmt.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	coremetrics.ibanking-services.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.youtube.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.ebtaccount.jpmorgan.com [ C:\USERS\AIMEE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	macromedia.com [ C:\USERS\AIMEE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\USERS\AIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3LDXCHJP ]
	ia.media-imdb.com [ C:\USERS\AIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VPTWMTBX ]

Trojan.Agent/Gen-Kitter
	J:\MORE STUFF\GAMES\CAT MARIO\T¬TST+TªT¬GAGNGVGTG(.EXE
	J:\MORE STUFF\GAMES\T¬TST+TªT¬GAGNGVGTG(.EXE

Trojan.Agent/Gen-Downloader
	J:\MORE STUFF\MUSIC\NSF CONVERTER\NSFTEN01.EXE

#5 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 August 2012 - 11:15 PM

OK, that was good.

lets clean the Temp files amd do another scan.
Let me know how it is after.
We need to update some things too.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
>>>>>>

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>>>


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#6 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 03 August 2012 - 04:25 PM

I couldn't get the first link to work. I used the other two:

09:19:10.0516 5464	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:19:12.0545 5464	============================================================
09:19:12.0545 5464	Current date / time: 2012/08/03 09:19:12.0545
09:19:12.0545 5464	SystemInfo:
09:19:12.0545 5464	
09:19:12.0545 5464	OS Version: 6.0.6002 ServicePack: 2.0
09:19:12.0545 5464	Product type: Workstation
09:19:12.0545 5464	ComputerName: AIMEE-PC
09:19:12.0545 5464	UserName: Aimee
09:19:12.0545 5464	Windows directory: C:\Windows
09:19:12.0546 5464	System windows directory: C:\Windows
09:19:12.0546 5464	Processor architecture: Intel x86
09:19:12.0546 5464	Number of processors: 2
09:19:12.0546 5464	Page size: 0x1000
09:19:12.0546 5464	Boot type: Normal boot
09:19:12.0546 5464	============================================================
09:21:14.0327 5464	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:14.0344 5464	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:14.0415 5464	============================================================
09:21:14.0415 5464	\Device\Harddisk1\DR1:
09:21:14.0415 5464	MBR partitions:
09:21:14.0415 5464	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39069DE3
09:21:14.0415 5464	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x39069E22, BlocksNum 0x131AE1F
09:21:14.0416 5464	\Device\Harddisk0\DR0:
09:21:14.0416 5464	MBR partitions:
09:21:14.0416 5464	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
09:21:14.0416 5464	============================================================
09:21:14.0450 5464	C: <-> \Device\Harddisk1\DR1\Partition0
09:21:14.0500 5464	D: <-> \Device\Harddisk1\DR1\Partition1
09:21:14.0521 5464	J: <-> \Device\Harddisk0\DR0\Partition0
09:21:14.0521 5464	============================================================
09:21:14.0521 5464	Initialize success
09:21:14.0521 5464	============================================================
09:21:24.0264 5348	============================================================
09:21:24.0264 5348	Scan started
09:21:24.0264 5348	Mode: Manual; TDLFS; 
09:21:24.0264 5348	============================================================
09:21:25.0851 5348	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:21:25.0854 5348	!SASCORE - ok
09:21:25.0975 5348	aawservice      (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
09:21:25.0986 5348	aawservice - ok
09:21:26.0128 5348	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:21:26.0132 5348	ACPI - ok
09:21:26.0240 5348	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:21:26.0242 5348	AdobeARMservice - ok
09:21:26.0282 5348	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:21:26.0338 5348	adp94xx - ok
09:21:26.0384 5348	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:21:26.0431 5348	adpahci - ok
09:21:26.0466 5348	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:21:26.0506 5348	adpu160m - ok
09:21:26.0517 5348	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:21:26.0537 5348	adpu320 - ok
09:21:26.0576 5348	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:21:26.0578 5348	AeLookupSvc - ok
09:21:26.0630 5348	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:21:26.0634 5348	AFD - ok
09:21:26.0676 5348	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:21:26.0713 5348	agp440 - ok
09:21:26.0747 5348	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:21:26.0806 5348	aic78xx - ok
09:21:26.0846 5348	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
09:21:26.0848 5348	ALG - ok
09:21:26.0860 5348	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:21:26.0897 5348	aliide - ok
09:21:26.0932 5348	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:21:26.0978 5348	amdagp - ok
09:21:27.0005 5348	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:21:27.0043 5348	amdide - ok
09:21:27.0083 5348	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:21:27.0130 5348	AmdK7 - ok
09:21:27.0165 5348	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:21:27.0242 5348	AmdK8 - ok
09:21:27.0303 5348	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
09:21:27.0305 5348	Appinfo - ok
09:21:27.0392 5348	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:27.0396 5348	Apple Mobile Device - ok
09:21:27.0440 5348	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:21:27.0480 5348	arc - ok
09:21:27.0519 5348	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:21:27.0536 5348	arcsas - ok
09:21:27.0631 5348	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:21:27.0685 5348	aspnet_state - ok
09:21:27.0735 5348	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:21:27.0746 5348	AsyncMac - ok
09:21:27.0775 5348	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:21:27.0776 5348	atapi - ok
09:21:27.0827 5348	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:21:27.0834 5348	AudioEndpointBuilder - ok
09:21:27.0842 5348	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:21:27.0847 5348	Audiosrv - ok
09:21:27.0892 5348	Automatic LiveUpdate Scheduler (7c813eb232c7aefa627a12a104dda221) c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
09:21:27.0897 5348	Automatic LiveUpdate Scheduler - ok
09:21:28.0255 5348	AVGIDSAgent     (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG10\AVGG\avgidsagent.exe
09:21:28.0342 5348	AVGIDSAgent - ok
09:21:28.0483 5348	AVGIDSDriver    (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:21:28.0486 5348	AVGIDSDriver - ok
09:21:28.0540 5348	AVGIDSFilter    (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
09:21:28.0542 5348	AVGIDSFilter - ok
09:21:28.0555 5348	AVGIDSHX        (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
09:21:28.0557 5348	AVGIDSHX - ok
09:21:28.0570 5348	AVGIDSShim      (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:21:28.0572 5348	AVGIDSShim - ok
09:21:28.0644 5348	Avgldx86        (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
09:21:28.0648 5348	Avgldx86 - ok
09:21:28.0657 5348	Avgmfx86        (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
09:21:28.0660 5348	Avgmfx86 - ok
09:21:28.0693 5348	Avgrkx86        (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
09:21:28.0695 5348	Avgrkx86 - ok
09:21:28.0723 5348	Avgtdix         (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
09:21:28.0728 5348	Avgtdix - ok
09:21:28.0889 5348	avgwd           (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG10\AVGG\avgwdsvc.exe
09:21:28.0893 5348	avgwd - ok
09:21:28.0935 5348	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:21:28.0937 5348	Beep - ok
09:21:28.0990 5348	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
09:21:28.0998 5348	BFE - ok
09:21:29.0088 5348	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
09:21:29.0106 5348	BITS - ok
09:21:29.0122 5348	blbdrive - ok
09:21:29.0468 5348	BNPagent        (eb4dbd440b3b7138a5f16808d9dee638) C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
09:21:29.0566 5348	BNPagent - ok
09:21:29.0656 5348	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:21:29.0662 5348	Bonjour Service - ok
09:21:29.0838 5348	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:21:29.0842 5348	bowser - ok
09:21:29.0875 5348	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:21:29.0886 5348	BrFiltLo - ok
09:21:29.0898 5348	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:21:29.0932 5348	BrFiltUp - ok
09:21:29.0987 5348	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
09:21:29.0990 5348	Browser - ok
09:21:30.0010 5348	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:21:30.0024 5348	Brserid - ok
09:21:30.0039 5348	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:21:30.0054 5348	BrSerWdm - ok
09:21:30.0080 5348	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:21:30.0092 5348	BrUsbMdm - ok
09:21:30.0102 5348	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:21:30.0114 5348	BrUsbSer - ok
09:21:30.0131 5348	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:21:30.0170 5348	BTHMODEM - ok
09:21:30.0273 5348	ccEvtMgr        (2f237aab91497aaa03af48eae68758fc) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:21:30.0276 5348	ccEvtMgr - ok
09:21:30.0282 5348	ccSetMgr        (2f237aab91497aaa03af48eae68758fc) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:21:30.0286 5348	ccSetMgr - ok
09:21:30.0322 5348	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:21:30.0326 5348	cdfs - ok
09:21:30.0361 5348	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:21:30.0363 5348	cdrom - ok
09:21:30.0388 5348	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:21:30.0391 5348	CertPropSvc - ok
09:21:30.0415 5348	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:21:30.0430 5348	circlass - ok
09:21:30.0471 5348	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:21:30.0478 5348	CLFS - ok
09:21:30.0542 5348	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:30.0600 5348	clr_optimization_v2.0.50727_32 - ok
09:21:30.0794 5348	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:21:30.0832 5348	clr_optimization_v4.0.30319_32 - ok
09:21:30.0846 5348	CLTNetCnService (2f237aab91497aaa03af48eae68758fc) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:21:30.0849 5348	CLTNetCnService - ok
09:21:30.0872 5348	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:21:30.0913 5348	cmdide - ok
09:21:31.0009 5348	COH_Mon         (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys
09:21:31.0011 5348	COH_Mon - ok
09:21:31.0053 5348	comHost         (75a69ca9998577f8b2be8695040e5df4) c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
09:21:31.0075 5348	comHost - ok
09:21:31.0083 5348	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
09:21:31.0098 5348	Compbatt - ok
09:21:31.0104 5348	COMSysApp - ok
09:21:31.0132 5348	CO_Mon          (73f5d6835bfa66019c03e316d99649da) C:\Windows\system32\drivers\CO_Mon.sys
09:21:31.0174 5348	CO_Mon - ok
09:21:31.0201 5348	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:21:31.0203 5348	crcdisk - ok
09:21:31.0222 5348	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:21:31.0254 5348	Crusoe - ok
09:21:31.0319 5348	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
09:21:31.0322 5348	CryptSvc - ok
09:21:31.0390 5348	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:21:31.0403 5348	DcomLaunch - ok
09:21:31.0445 5348	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:21:31.0448 5348	DfsC - ok
09:21:31.0541 5348	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
09:21:31.0621 5348	DFSR - ok
09:21:31.0749 5348	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
09:21:31.0753 5348	Dhcp - ok
09:21:31.0793 5348	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:21:31.0798 5348	disk - ok
09:21:31.0836 5348	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
09:21:31.0878 5348	Dnscache - ok
09:21:31.0927 5348	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
09:21:31.0932 5348	dot3svc - ok
09:21:31.0956 5348	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:21:31.0958 5348	Dot4 - ok
09:21:31.0981 5348	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:21:31.0983 5348	Dot4Print - ok
09:21:31.0998 5348	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:21:32.0000 5348	dot4usb - ok
09:21:32.0040 5348	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
09:21:32.0045 5348	DPS - ok
09:21:32.0103 5348	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:21:32.0135 5348	drmkaud - ok
09:21:32.0198 5348	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:21:32.0210 5348	DXGKrnl - ok
09:21:32.0294 5348	Dyyno Launcher  (c507a291037cc929f955d2834c741f75) C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe
09:21:32.0303 5348	Dyyno Launcher - ok
09:21:32.0336 5348	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:21:32.0353 5348	E1G60 - ok
09:21:32.0403 5348	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
09:21:32.0405 5348	EapHost - ok
09:21:32.0449 5348	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:21:32.0453 5348	Ecache - ok
09:21:32.0512 5348	eeCtrl          (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:21:32.0525 5348	eeCtrl - ok
09:21:32.0578 5348	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
09:21:32.0583 5348	ehRecvr - ok
09:21:32.0604 5348	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
09:21:32.0607 5348	ehSched - ok
09:21:32.0627 5348	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
09:21:32.0628 5348	ehstart - ok
09:21:32.0668 5348	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:21:32.0703 5348	elxstor - ok
09:21:32.0760 5348	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
09:21:32.0768 5348	EMDMgmt - ok
09:21:32.0843 5348	EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:21:32.0883 5348	EraserUtilRebootDrv - ok
09:21:32.0929 5348	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
09:21:32.0934 5348	EventSystem - ok
09:21:32.0990 5348	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:21:33.0002 5348	exfat - ok
09:21:33.0019 5348	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:21:33.0057 5348	fastfat - ok
09:21:33.0091 5348	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:21:33.0124 5348	fdc - ok
09:21:33.0160 5348	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
09:21:33.0162 5348	fdPHost - ok
09:21:33.0189 5348	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:21:33.0192 5348	FDResPub - ok
09:21:33.0216 5348	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:21:33.0219 5348	FileInfo - ok
09:21:33.0246 5348	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:21:33.0256 5348	Filetrace - ok
09:21:33.0271 5348	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:21:33.0310 5348	flpydisk - ok
09:21:33.0360 5348	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:21:33.0365 5348	FltMgr - ok
09:21:33.0435 5348	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
09:21:33.0449 5348	FontCache - ok
09:21:33.0520 5348	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:21:33.0571 5348	FontCache3.0.0.0 - ok
09:21:33.0612 5348	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
09:21:33.0614 5348	Fs_Rec - ok
09:21:33.0642 5348	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:21:33.0657 5348	gagp30kx - ok
09:21:33.0725 5348	GameConsoleService (44d07e5a444692e9b6a5cdd7401b4402) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
09:21:33.0782 5348	GameConsoleService - ok
09:21:33.0823 5348	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:21:33.0825 5348	GEARAspiWDM - ok
09:21:33.0877 5348	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
09:21:33.0929 5348	gpsvc - ok
09:21:33.0993 5348	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:33.0997 5348	gupdate - ok
09:21:34.0003 5348	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:21:34.0010 5348	gupdatem - ok
09:21:34.0047 5348	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:21:34.0088 5348	HdAudAddService - ok
09:21:34.0152 5348	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:21:34.0162 5348	HDAudBus - ok
09:21:34.0185 5348	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:21:34.0224 5348	HidBth - ok
09:21:34.0252 5348	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:21:34.0293 5348	HidIr - ok
09:21:34.0365 5348	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
09:21:34.0368 5348	hidserv - ok
09:21:34.0405 5348	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:21:34.0447 5348	HidUsb - ok
09:21:34.0488 5348	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
09:21:34.0493 5348	hkmsvc - ok
09:21:34.0554 5348	HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
09:21:34.0557 5348	HP Health Check Service - ok
09:21:34.0577 5348	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:21:34.0615 5348	HpCISSs - ok
09:21:34.0687 5348	hpqcxs08        (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:21:34.0692 5348	hpqcxs08 - ok
09:21:34.0710 5348	hpqddsvc        (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:21:34.0713 5348	hpqddsvc - ok
09:21:34.0794 5348	HSF_DP          (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
09:21:34.0810 5348	HSF_DP - ok
09:21:34.0836 5348	HSXHWBS2        (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:21:34.0841 5348	HSXHWBS2 - ok
09:21:34.0880 5348	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:21:34.0888 5348	HTTP - ok
09:21:34.0914 5348	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:21:34.0927 5348	i2omp - ok
09:21:34.0960 5348	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:21:34.0962 5348	i8042prt - ok
09:21:34.0984 5348	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:21:35.0040 5348	iaStorV - ok
09:21:35.0148 5348	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:21:35.0219 5348	idsvc - ok
09:21:35.0305 5348	IDSvix86        (74f2b7d99b8613eac36edf22a2ab3b08) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091111.001\IDSvix86.sys
09:21:35.0353 5348	IDSvix86 - ok
09:21:35.0453 5348	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:21:35.0467 5348	iirsp - ok
09:21:35.0515 5348	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
09:21:35.0525 5348	IKEEXT - ok
09:21:35.0645 5348	IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
09:21:35.0682 5348	IntcAzAudAddService - ok
09:21:35.0777 5348	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:21:35.0812 5348	intelide - ok
09:21:35.0862 5348	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:21:35.0866 5348	intelppm - ok
09:21:35.0893 5348	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
09:21:35.0898 5348	IPBusEnum - ok
09:21:35.0927 5348	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:21:35.0980 5348	IpFilterDriver - ok
09:21:36.0028 5348	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
09:21:36.0035 5348	iphlpsvc - ok
09:21:36.0049 5348	IpInIp - ok
09:21:36.0064 5348	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:21:36.0079 5348	IPMIDRV - ok
09:21:36.0116 5348	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:21:36.0160 5348	IPNAT - ok
09:21:36.0305 5348	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
09:21:36.0320 5348	iPod Service - ok
09:21:36.0360 5348	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:21:36.0398 5348	IRENUM - ok
09:21:36.0442 5348	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:21:36.0456 5348	isapnp - ok
09:21:36.0687 5348	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:21:36.0702 5348	iScsiPrt - ok
09:21:36.0719 5348	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:21:36.0755 5348	iteatapi - ok
09:21:36.0799 5348	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:21:36.0837 5348	iteraid - ok
09:21:36.0883 5348	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:21:36.0885 5348	kbdclass - ok
09:21:36.0919 5348	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:21:36.0954 5348	kbdhid - ok
09:21:36.0995 5348	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:21:36.0997 5348	KeyIso - ok
09:21:37.0066 5348	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
09:21:37.0073 5348	KSecDD - ok
09:21:37.0111 5348	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
09:21:37.0118 5348	KtmRm - ok
09:21:37.0156 5348	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
09:21:37.0160 5348	LanmanServer - ok
09:21:37.0224 5348	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
09:21:37.0230 5348	LanmanWorkstation - ok
09:21:37.0315 5348	LightScribeService (75ac54b996f7c8e17594ebc32b6614bd) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:21:37.0317 5348	LightScribeService - ok
09:21:37.0471 5348	LiveUpdate      (63ed50a6ed61829c2def5b733d258a05) c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
09:21:37.0493 5348	LiveUpdate - ok
09:21:37.0558 5348	LiveUpdate Notice (2f237aab91497aaa03af48eae68758fc) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:21:37.0560 5348	LiveUpdate Notice - ok
09:21:37.0668 5348	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:21:37.0669 5348	lltdio - ok
09:21:37.0703 5348	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
09:21:37.0716 5348	lltdsvc - ok
09:21:37.0738 5348	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:21:37.0741 5348	lmhosts - ok
09:21:37.0774 5348	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:21:37.0784 5348	LSI_FC - ok
09:21:37.0797 5348	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:21:37.0831 5348	LSI_SAS - ok
09:21:37.0874 5348	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:21:37.0909 5348	LSI_SCSI - ok
09:21:37.0952 5348	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:21:37.0956 5348	luafv - ok
09:21:37.0997 5348	MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
09:21:38.0001 5348	MarvinBus - ok
09:21:38.0030 5348	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
09:21:38.0070 5348	Mcx2Svc - ok
09:21:38.0109 5348	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:21:38.0111 5348	mdmxsdk - ok
09:21:38.0132 5348	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:21:38.0172 5348	megasas - ok
09:21:38.0209 5348	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:21:38.0214 5348	MMCSS - ok
09:21:38.0249 5348	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:21:38.0252 5348	Modem - ok
09:21:38.0290 5348	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:21:38.0293 5348	monitor - ok
09:21:38.0325 5348	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:21:38.0327 5348	mouclass - ok
09:21:38.0337 5348	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:21:38.0375 5348	mouhid - ok
09:21:38.0422 5348	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:21:38.0429 5348	MountMgr - ok
09:21:38.0483 5348	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:21:38.0529 5348	MozillaMaintenance - ok
09:21:38.0572 5348	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:21:38.0584 5348	mpio - ok
09:21:38.0612 5348	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:21:38.0614 5348	mpsdrv - ok
09:21:38.0658 5348	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
09:21:38.0697 5348	MpsSvc - ok
09:21:38.0730 5348	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:21:38.0790 5348	Mraid35x - ok
09:21:38.0835 5348	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:21:38.0838 5348	MRxDAV - ok
09:21:38.0882 5348	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:21:38.0885 5348	mrxsmb - ok
09:21:38.0927 5348	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:21:38.0932 5348	mrxsmb10 - ok
09:21:38.0946 5348	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:21:38.0948 5348	mrxsmb20 - ok
09:21:38.0971 5348	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:21:39.0007 5348	msahci - ok
09:21:39.0037 5348	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:21:39.0073 5348	msdsm - ok
09:21:39.0117 5348	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
09:21:39.0163 5348	MSDTC - ok
09:21:39.0212 5348	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:21:39.0214 5348	Msfs - ok
09:21:39.0259 5348	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:21:39.0262 5348	msisadrv - ok
09:21:39.0301 5348	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
09:21:39.0351 5348	MSiSCSI - ok
09:21:39.0359 5348	msiserver - ok
09:21:39.0399 5348	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:21:39.0410 5348	MSKSSRV - ok
09:21:39.0442 5348	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:21:39.0452 5348	MSPCLOCK - ok
09:21:39.0462 5348	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:21:39.0474 5348	MSPQM - ok
09:21:39.0506 5348	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:21:39.0511 5348	MsRPC - ok
09:21:39.0529 5348	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:21:39.0532 5348	mssmbios - ok
09:21:39.0541 5348	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:21:39.0553 5348	MSTEE - ok
09:21:39.0570 5348	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:21:39.0573 5348	Mup - ok
09:21:39.0624 5348	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:21:39.0633 5348	napagent - ok
09:21:39.0671 5348	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:21:39.0724 5348	NativeWifiP - ok
09:21:39.0802 5348	NAVENG          (78d629767dbcdbb1ee888f4fda841acd) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091123.005\NAVENG.SYS
09:21:39.0806 5348	NAVENG - ok
09:21:39.0872 5348	NAVEX15         (6176ce576509ee71bac1b61fc8f1f138) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091123.005\NAVEX15.SYS
09:21:39.0908 5348	NAVEX15 - ok
09:21:40.0053 5348	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:21:40.0064 5348	NDIS - ok
09:21:40.0088 5348	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:21:40.0091 5348	NdisTapi - ok
09:21:40.0121 5348	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:21:40.0163 5348	Ndisuio - ok
09:21:40.0212 5348	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:21:40.0215 5348	NdisWan - ok
09:21:40.0250 5348	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:21:40.0253 5348	NDProxy - ok
09:21:40.0295 5348	NEOFLTR_700_16499 (f0724c800d53b7f494a6d063fcdf85d7) C:\Windows\system32\Drivers\NEOFLTR_700_16499.SYS
09:21:40.0335 5348	NEOFLTR_700_16499 - ok
09:21:40.0389 5348	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
09:21:40.0392 5348	Net Driver HPZ12 - ok
09:21:40.0417 5348	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:21:40.0420 5348	NetBIOS - ok
09:21:40.0466 5348	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:21:40.0470 5348	netbt - ok
09:21:40.0503 5348	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:21:40.0506 5348	Netlogon - ok
09:21:40.0543 5348	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:21:40.0551 5348	Netman - ok
09:21:40.0650 5348	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:40.0740 5348	NetMsmqActivator - ok
09:21:40.0746 5348	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:40.0752 5348	NetPipeActivator - ok
09:21:40.0804 5348	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:21:40.0826 5348	netprofm - ok
09:21:40.0835 5348	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:40.0840 5348	NetTcpActivator - ok
09:21:40.0846 5348	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:21:40.0853 5348	NetTcpPortSharing - ok
09:21:40.0876 5348	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:21:40.0889 5348	nfrd960 - ok
09:21:40.0908 5348	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:21:40.0912 5348	NlaSvc - ok
09:21:40.0942 5348	NPF             (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
09:21:40.0944 5348	NPF - ok
09:21:40.0972 5348	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:21:40.0975 5348	Npfs - ok
09:21:40.0999 5348	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:21:41.0003 5348	nsi - ok
09:21:41.0020 5348	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:21:41.0024 5348	nsiproxy - ok
09:21:41.0098 5348	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:21:41.0115 5348	Ntfs - ok
09:21:41.0130 5348	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:21:41.0138 5348	ntrigdigi - ok
09:21:41.0155 5348	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:21:41.0157 5348	Null - ok
09:21:41.0220 5348	NVENETFD        (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:21:41.0233 5348	NVENETFD - ok
09:21:41.0522 5348	nvlddmkm        (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:21:41.0640 5348	nvlddmkm - ok
09:21:41.0760 5348	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:21:41.0799 5348	nvraid - ok
09:21:41.0834 5348	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:21:41.0879 5348	nvstor - ok
09:21:41.0938 5348	nvsvc           (cf7769f13b3ecc5e2bf1b3d1c5831ae8) C:\Windows\system32\nvvsvc.exe
09:21:41.0944 5348	nvsvc - ok
09:21:41.0965 5348	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:21:42.0027 5348	nv_agp - ok
09:21:42.0034 5348	NwlnkFlt - ok
09:21:42.0047 5348	NwlnkFwd - ok
09:21:42.0112 5348	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:21:42.0115 5348	ohci1394 - ok
09:21:42.0171 5348	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:21:42.0186 5348	p2pimsvc - ok
09:21:42.0200 5348	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:21:42.0213 5348	p2psvc - ok
09:21:42.0240 5348	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:21:42.0280 5348	Parport - ok
09:21:42.0327 5348	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
09:21:42.0330 5348	partmgr - ok
09:21:42.0346 5348	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:21:42.0383 5348	Parvdm - ok
09:21:42.0438 5348	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:21:42.0445 5348	PcaSvc - ok
09:21:42.0551 5348	PCD5SRVC{BD6912E3-AC9D80E8-05040000} (0aad6f0a129ddf453b2f99ee0a495923) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
09:21:42.0586 5348	PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok
09:21:42.0628 5348	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:21:42.0631 5348	pci - ok
09:21:42.0650 5348	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:21:42.0652 5348	pciide - ok
09:21:42.0696 5348	PCLEPCI         (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\system32\drivers\pclepci.sys
09:21:42.0743 5348	PCLEPCI - ok
09:21:42.0796 5348	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:21:42.0808 5348	pcmcia - ok
09:21:42.0856 5348	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:21:42.0868 5348	PEAUTH - ok
09:21:42.0923 5348	PinnacleMarvinAVS (c463f4e36e7a90bed38483939adab014) C:\Windows\system32\DRIVERS\MarvinAVS.sys
09:21:42.0940 5348	PinnacleMarvinAVS - ok
09:21:42.0975 5348	PinnacleMarvinUsb (33f059df48cfa585d0292017546f3bfb) C:\Windows\system32\DRIVERS\MarvinUsb.sys
09:21:42.0993 5348	PinnacleMarvinUsb - ok
09:21:43.0063 5348	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:21:43.0086 5348	pla - ok
09:21:43.0219 5348	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:21:43.0249 5348	PlugPlay - ok
09:21:43.0283 5348	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
09:21:43.0318 5348	Pml Driver HPZ12 - ok
09:21:43.0533 5348	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:21:43.0545 5348	PNRPAutoReg - ok
09:21:43.0565 5348	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:21:43.0576 5348	PNRPsvc - ok
09:21:43.0691 5348	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:21:43.0745 5348	PolicyAgent - ok
09:21:43.0976 5348	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:21:43.0979 5348	PptpMiniport - ok
09:21:44.0001 5348	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:21:44.0036 5348	Processor - ok
09:21:44.0093 5348	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:21:44.0099 5348	ProfSvc - ok
09:21:44.0127 5348	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:21:44.0130 5348	ProtectedStorage - ok
09:21:44.0167 5348	Ps2             (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
09:21:44.0168 5348	Ps2 - ok
09:21:44.0202 5348	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:21:44.0205 5348	PSched - ok
09:21:44.0265 5348	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:21:44.0338 5348	ql2300 - ok
09:21:44.0381 5348	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:21:44.0419 5348	ql40xx - ok
09:21:44.0471 5348	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:21:44.0479 5348	QWAVE - ok
09:21:44.0509 5348	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:21:44.0511 5348	QWAVEdrv - ok
09:21:44.0534 5348	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:21:44.0536 5348	RasAcd - ok
09:21:44.0570 5348	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:21:44.0576 5348	RasAuto - ok
09:21:44.0607 5348	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:21:44.0613 5348	Rasl2tp - ok
09:21:44.0666 5348	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:21:44.0675 5348	RasMan - ok
09:21:44.0710 5348	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:21:44.0713 5348	RasPppoe - ok
09:21:44.0730 5348	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:21:44.0733 5348	RasSstp - ok
09:21:44.0757 5348	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:21:44.0763 5348	rdbss - ok
09:21:44.0792 5348	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:21:44.0794 5348	RDPCDD - ok
09:21:44.0840 5348	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:21:44.0878 5348	rdpdr - ok
09:21:44.0886 5348	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:21:44.0889 5348	RDPENCDD - ok
09:21:44.0953 5348	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
09:21:44.0969 5348	RDPWD - ok
09:21:44.0998 5348	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:21:45.0004 5348	RemoteAccess - ok
09:21:45.0036 5348	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:21:45.0042 5348	RemoteRegistry - ok
09:21:45.0093 5348	rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
09:21:45.0168 5348	rpcapd - ok
09:21:45.0216 5348	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:21:45.0220 5348	RpcLocator - ok
09:21:45.0281 5348	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
09:21:45.0292 5348	RpcSs - ok
09:21:45.0317 5348	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:21:45.0320 5348	rspndr - ok
09:21:45.0341 5348	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:21:45.0346 5348	SamSs - ok
09:21:45.0462 5348	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:21:45.0471 5348	SASDIFSV - ok
09:21:45.0480 5348	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:21:45.0494 5348	SASKUTIL - ok
09:21:45.0521 5348	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:21:45.0561 5348	sbp2port - ok
09:21:45.0616 5348	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:21:45.0625 5348	SCardSvr - ok
09:21:45.0689 5348	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:21:45.0705 5348	Schedule - ok
09:21:45.0732 5348	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:21:45.0734 5348	SCPolicySvc - ok
09:21:45.0775 5348	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:21:45.0781 5348	SDRSVC - ok
09:21:45.0800 5348	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:21:45.0802 5348	secdrv - ok
09:21:45.0843 5348	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:21:45.0847 5348	seclogon - ok
09:21:45.0868 5348	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
09:21:45.0873 5348	SENS - ok
09:21:45.0887 5348	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:21:45.0922 5348	Serenum - ok
09:21:46.0037 5348	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:21:46.0074 5348	Serial - ok
09:21:46.0113 5348	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:21:46.0147 5348	sermouse - ok
09:21:46.0230 5348	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:21:46.0235 5348	SessionEnv - ok
09:21:46.0247 5348	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
09:21:46.0255 5348	sffdisk - ok
09:21:46.0271 5348	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
09:21:46.0308 5348	sffp_mmc - ok
09:21:46.0338 5348	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
09:21:46.0345 5348	sffp_sd - ok
09:21:46.0351 5348	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:21:46.0362 5348	sfloppy - ok
09:21:46.0400 5348	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:21:46.0406 5348	SharedAccess - ok
09:21:46.0440 5348	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:21:46.0446 5348	ShellHWDetection - ok
09:21:46.0468 5348	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:21:46.0524 5348	sisagp - ok
09:21:46.0531 5348	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:21:46.0559 5348	SiSRaid2 - ok
09:21:46.0590 5348	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:21:46.0625 5348	SiSRaid4 - ok
09:21:46.0737 5348	SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
09:21:46.0739 5348	SkypeUpdate - ok
09:21:46.0896 5348	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:21:46.0949 5348	slsvc - ok
09:21:47.0046 5348	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
09:21:47.0050 5348	SLUINotify - ok
09:21:47.0103 5348	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:21:47.0105 5348	Smb - ok
09:21:47.0145 5348	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:21:47.0149 5348	SNMPTRAP - ok
09:21:47.0254 5348	SPBBCDrv        (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:21:47.0272 5348	SPBBCDrv - ok
09:21:47.0296 5348	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:21:47.0298 5348	spldr - ok
09:21:47.0348 5348	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:21:47.0355 5348	Spooler - ok
09:21:47.0485 5348	sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
09:21:47.0490 5348	sprtsvc_ddoctorv2 - ok
09:21:47.0521 5348	SRTSP           (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
09:21:47.0527 5348	SRTSP - ok
09:21:47.0556 5348	SRTSPL          (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
09:21:47.0576 5348	SRTSPL - ok
09:21:47.0589 5348	SRTSPX          (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
09:21:47.0592 5348	SRTSPX - ok
09:21:47.0635 5348	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:21:47.0642 5348	srv - ok
09:21:47.0666 5348	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:21:47.0671 5348	srv2 - ok
09:21:47.0690 5348	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:21:47.0694 5348	srvnet - ok
09:21:47.0725 5348	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:21:47.0733 5348	SSDPSRV - ok
09:21:47.0772 5348	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:21:47.0779 5348	SstpSvc - ok
09:21:47.0828 5348	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:21:47.0840 5348	stisvc - ok
09:21:47.0862 5348	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:21:47.0864 5348	swenum - ok
09:21:47.0913 5348	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:21:47.0923 5348	swprv - ok
09:21:48.0052 5348	Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
09:21:48.0073 5348	Symantec Core LC - ok
09:21:48.0172 5348	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:21:48.0209 5348	Symc8xx - ok
09:21:48.0263 5348	SYMDNS          (fe9f8b3a8bc22d85332b42e92308ddf9) C:\Windows\System32\Drivers\SYMDNS.SYS
09:21:48.0266 5348	SYMDNS - ok
09:21:48.0313 5348	SymEvent        (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:21:48.0329 5348	SymEvent - ok
09:21:48.0347 5348	SYMFW           (a0ea9d273889e53cfaabf2444692ccbf) C:\Windows\System32\Drivers\SYMFW.SYS
09:21:48.0351 5348	SYMFW - ok
09:21:48.0387 5348	SymIM           (8eab28dd6cd25355b951ae460fa86b48) C:\Windows\system32\DRIVERS\SymIMv.sys
09:21:48.0389 5348	SymIM - ok
09:21:48.0397 5348	SymIMMP - ok
09:21:48.0428 5348	SYMNDISV        (c94eaca4b522012ee0691f1e79c42a7d) C:\Windows\System32\Drivers\SYMNDISV.SYS
09:21:48.0430 5348	SYMNDISV - ok
09:21:48.0446 5348	SYMREDRV        (7c6505ea598e58099d3b7e1f70426864) C:\Windows\System32\Drivers\SYMREDRV.SYS
09:21:48.0449 5348	SYMREDRV - ok
09:21:48.0469 5348	SYMTDI          (e6ff7ace71d07ca90119f2c6ab592ba4) C:\Windows\System32\Drivers\SYMTDI.SYS
09:21:48.0473 5348	SYMTDI - ok
09:21:48.0488 5348	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:21:48.0520 5348	Sym_hi - ok
09:21:48.0557 5348	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:21:48.0566 5348	Sym_u3 - ok
09:21:48.0617 5348	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:21:48.0630 5348	SysMain - ok
09:21:48.0660 5348	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:21:48.0664 5348	TabletInputService - ok
09:21:48.0711 5348	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:21:48.0717 5348	TapiSrv - ok
09:21:48.0738 5348	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:21:48.0742 5348	TBS - ok
09:21:48.0809 5348	Tcpip           (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
09:21:48.0822 5348	Tcpip - ok
09:21:48.0840 5348	Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
09:21:48.0848 5348	Tcpip6 - ok
09:21:48.0865 5348	tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
09:21:48.0868 5348	tcpipreg - ok
09:21:48.0894 5348	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:21:48.0902 5348	TDPIPE - ok
09:21:48.0917 5348	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:21:48.0926 5348	TDTCP - ok
09:21:48.0945 5348	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:21:48.0947 5348	tdx - ok
09:21:48.0980 5348	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:21:48.0982 5348	TermDD - ok
09:21:49.0030 5348	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:21:49.0039 5348	TermService - ok
09:21:49.0073 5348	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:21:49.0078 5348	Themes - ok
09:21:49.0091 5348	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:21:49.0095 5348	THREADORDER - ok
09:21:49.0112 5348	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:21:49.0116 5348	TrkWks - ok
09:21:49.0162 5348	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:21:49.0163 5348	TrustedInstaller - ok
09:21:49.0193 5348	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:21:49.0201 5348	tssecsrv - ok
09:21:49.0234 5348	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:21:49.0236 5348	tunmp - ok
09:21:49.0269 5348	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:21:49.0271 5348	tunnel - ok
09:21:49.0325 5348	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:21:49.0338 5348	uagp35 - ok
09:21:49.0356 5348	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:21:49.0457 5348	udfs - ok
09:21:49.0506 5348	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:21:49.0511 5348	UI0Detect - ok
09:21:49.0529 5348	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:21:49.0541 5348	uliagpkx - ok
09:21:49.0560 5348	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:21:49.0573 5348	uliahci - ok
09:21:49.0598 5348	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:21:49.0635 5348	UlSata - ok
09:21:49.0670 5348	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:21:49.0711 5348	ulsata2 - ok
09:21:49.0749 5348	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:21:49.0751 5348	umbus - ok
09:21:49.0793 5348	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:21:49.0800 5348	upnphost - ok
09:21:49.0858 5348	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
09:21:49.0891 5348	USBAAPL - ok
09:21:49.0935 5348	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
09:21:49.0947 5348	usbaudio - ok
09:21:49.0977 5348	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:21:49.0979 5348	usbccgp - ok
09:21:50.0002 5348	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:21:50.0013 5348	usbcir - ok
09:21:50.0057 5348	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:21:50.0059 5348	usbehci - ok
09:21:50.0081 5348	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:21:50.0085 5348	usbhub - ok
09:21:50.0104 5348	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:21:50.0106 5348	usbohci - ok
09:21:50.0127 5348	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:21:50.0130 5348	usbprint - ok
09:21:50.0161 5348	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:21:50.0163 5348	usbscan - ok
09:21:50.0182 5348	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:21:50.0185 5348	USBSTOR - ok
09:21:50.0199 5348	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:21:50.0231 5348	usbuhci - ok
09:21:50.0312 5348	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:21:50.0364 5348	usbvideo - ok
09:21:50.0400 5348	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:21:50.0440 5348	UxSms - ok
09:21:50.0496 5348	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:21:50.0507 5348	vds - ok
09:21:50.0535 5348	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:21:50.0548 5348	vga - ok
09:21:50.0580 5348	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:21:50.0583 5348	VgaSave - ok
09:21:50.0600 5348	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:21:50.0615 5348	viaagp - ok
09:21:50.0638 5348	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:21:50.0651 5348	ViaC7 - ok
09:21:50.0668 5348	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:21:50.0682 5348	viaide - ok
09:21:50.0721 5348	Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
09:21:50.0723 5348	Viewpoint Manager Service - ok
09:21:50.0753 5348	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:21:50.0757 5348	volmgr - ok
09:21:50.0802 5348	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:21:50.0808 5348	volmgrx - ok
09:21:50.0850 5348	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:21:50.0856 5348	volsnap - ok
09:21:50.0916 5348	Vsdatant        (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
09:21:50.0924 5348	Vsdatant - ok
09:21:50.0955 5348	vsmon - ok
09:21:50.0987 5348	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:21:51.0003 5348	vsmraid - ok
09:21:51.0077 5348	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:21:51.0099 5348	VSS - ok
09:21:51.0140 5348	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:21:51.0150 5348	W32Time - ok
09:21:51.0195 5348	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:21:51.0208 5348	WacomPen - ok
09:21:51.0239 5348	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:21:51.0242 5348	Wanarp - ok
09:21:51.0250 5348	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:21:51.0253 5348	Wanarpv6 - ok
09:21:51.0279 5348	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:21:51.0291 5348	wcncsvc - ok
09:21:51.0324 5348	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:21:51.0328 5348	WcsPlugInService - ok
09:21:51.0357 5348	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:21:51.0366 5348	Wd - ok
09:21:51.0414 5348	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:21:51.0421 5348	Wdf01000 - ok
09:21:51.0445 5348	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:21:51.0450 5348	WdiServiceHost - ok
09:21:51.0455 5348	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:21:51.0460 5348	WdiSystemHost - ok
09:21:51.0499 5348	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:21:51.0505 5348	WebClient - ok
09:21:51.0529 5348	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:21:51.0535 5348	Wecsvc - ok
09:21:51.0560 5348	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:21:51.0564 5348	wercplsupport - ok
09:21:51.0601 5348	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:21:51.0607 5348	WerSvc - ok
09:21:51.0667 5348	winachsf        (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:21:51.0676 5348	winachsf - ok
09:21:51.0739 5348	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:21:51.0759 5348	WinDefend - ok
09:21:51.0782 5348	WinHttpAutoProxySvc - ok
09:21:51.0838 5348	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:21:51.0842 5348	Winmgmt - ok
09:21:51.0915 5348	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:21:51.0936 5348	WinRM - ok
09:21:52.0026 5348	WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
09:21:52.0062 5348	WinUSB - ok
09:21:52.0125 5348	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:21:52.0140 5348	Wlansvc - ok
09:21:52.0367 5348	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:21:52.0393 5348	wlidsvc - ok
09:21:52.0562 5348	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:21:52.0564 5348	WmiAcpi - ok
09:21:52.0645 5348	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:21:52.0651 5348	wmiApSrv - ok
09:21:52.0928 5348	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:21:52.0943 5348	WMPNetworkSvc - ok
09:21:52.0999 5348	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:21:53.0007 5348	WPCSvc - ok
09:21:53.0040 5348	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
09:21:53.0047 5348	WPDBusEnum - ok
09:21:53.0101 5348	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:21:53.0115 5348	WpdUsb - ok
09:21:53.0232 5348	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:21:53.0246 5348	WPFFontCache_v0400 - ok
09:21:53.0274 5348	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:21:53.0307 5348	ws2ifsl - ok
09:21:53.0351 5348	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
09:21:53.0358 5348	wscsvc - ok
09:21:53.0366 5348	WSearch - ok
09:21:53.0487 5348	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:21:53.0517 5348	wuauserv - ok
09:21:53.0642 5348	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
09:21:53.0645 5348	WudfPf - ok
09:21:53.0681 5348	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:21:53.0684 5348	WUDFRd - ok
09:21:53.0710 5348	wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
09:21:53.0715 5348	wudfsvc - ok
09:21:53.0743 5348	XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
09:21:53.0746 5348	XAudio - ok
09:21:53.0774 5348	XAudioService   (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
09:21:53.0780 5348	XAudioService - ok
09:21:54.0059 5348	ZuneNetworkSvc  (bcc62ed44d85236f802efccda3fba457) c:\Program Files\Zune\ZuneNss.exe
09:21:54.0184 5348	ZuneNetworkSvc - ok
09:21:54.0311 5348	ZuneWlanCfgSvc  (b10cc66b7947bb1a2a24ff563bf36021) c:\Windows\system32\ZuneWlanCfgSvc.exe
09:21:54.0376 5348	ZuneWlanCfgSvc - ok
09:21:54.0424 5348	MBR (0x1B8)     (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk1\DR1
09:21:54.0653 5348	\Device\Harddisk1\DR1 - ok
09:21:54.0660 5348	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:21:54.0890 5348	\Device\Harddisk0\DR0 - ok
09:21:54.0896 5348	Boot (0x1200)   (f435ec24ee9e41e5d7adc952685c4ca0) \Device\Harddisk1\DR1\Partition0
09:21:54.0898 5348	\Device\Harddisk1\DR1\Partition0 - ok
09:21:54.0906 5348	Boot (0x1200)   (095f1936e61b69532ac130a179a973ce) \Device\Harddisk1\DR1\Partition1
09:21:54.0909 5348	\Device\Harddisk1\DR1\Partition1 - ok
09:21:54.0917 5348	Boot (0x1200)   (306dc0af56fd8aa9660e37573525686f) \Device\Harddisk0\DR0\Partition0
09:21:54.0920 5348	\Device\Harddisk0\DR0\Partition0 - ok
09:21:54.0922 5348	============================================================
09:21:54.0923 5348	Scan finished
09:21:54.0923 5348	============================================================
09:21:54.0956 5404	Detected object count: 0
09:21:54.0956 5404	Actual detected object count: 0

And the other:

C:\Users\Aimee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f9c7fbd-2a778186	multiple threats	deleted - quarantined

#7 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 August 2012 - 08:15 PM

So it's runnning well now?

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.
I don't know what you get from using,µTorrent but I so know it usually carries malware in the downloads. I am just letting you know in case you are unaware.



I see you run 2 AV's Norton and AVG. This can cause a lot of slowness. Ome needs to be removed.
Also remove your older Java versions. Version Number: 7.0. Update 5 is the latest..
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#8 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 04 August 2012 - 07:51 AM

Yes, my system is running fine now, thank you! I've done everything you suggested in the most recent post.

One thing though, I reset my HOSTS file, which is good, but I had it configured so that I had almost no ads anywhere on any site. I did this a while ago, and now I don't remember where I found this HOSTS file, but it was very useful (I think someone on this site pointed me to it).

EDIT: Ah, nevermind, I found it again.

Edited by ElectroSpecter, 04 August 2012 - 07:58 AM.

#9 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 August 2012 - 01:30 PM

You're welcome,
Some Good Hosts file info,see post 11
http://www.bleepingcomputer.com/forums/topic282250.html#entry1568093


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#10 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 05 August 2012 - 08:24 PM

Everything seems to be working fine except for one thing: Pre-infection, I used to be able to play and stream videos (from sites like YouTube and Twitch.tv) in 720p without noticing much choppiness, if at all. Now my computer seems to have a difficult time, particularly in full-screen. Is there something I can do to increase the performance here?

Edited by ElectroSpecter, 05 August 2012 - 08:24 PM.

#11 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 August 2012 - 09:55 PM

I am not certain if it's just spottiness after all the removals in the graphic/video areas and it may normalize after a few revisits.
You may have to reinstall Twitch.tv

Lets also do another Rootkit scan


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#12 ElectroSpecter

ElectroSpecter

    New Member

  • Members
  • Pip
  • 12 posts

Posted 07 August 2012 - 06:40 AM

I have better information concerning my connection issues: Speedtest.net has shown me in the past that my download speeds ranged from 27-35 Mb/s. Now it's down to around 3.5 Mb/s, which is presumably why I can't stream videos quite as well.

And here's the log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 07:32:55
-----------------------------
07:32:55.986    OS Version: Windows 6.0.6002 Service Pack 2
07:32:55.986    Number of processors: 2 586 0xF0D
07:32:56.001    ComputerName: AIMEE-PC  UserName: Aimee
07:32:57.405    Initialize success
07:33:01.251    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
07:33:01.266    Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
07:33:01.266    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
07:33:01.266    Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA57A Size: 476940MB BusType: 3
07:33:01.298    Disk 1 MBR read successfully
07:33:01.298    Disk 1 MBR scan
07:33:01.313    Disk 1 unknown MBR code
07:33:01.313    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       467155 MB offset 63
07:33:01.344    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS         9781 MB offset 956735010
07:33:01.360    Disk 1 scanning sectors +976768065
07:33:01.422    Disk 1 scanning C:\Windows\system32\drivers
07:33:08.832    Service scanning
07:33:25.774    Modules scanning
07:34:17.114    Disk 1 trace - called modules:
07:34:17.129    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:34:17.145    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85cab6c8]
07:34:17.145    3 CLASSPNP.SYS[883a08b3] -> nt!IofCallDriver -> [0x85415918]
07:34:17.160    5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84a7cb98]
07:34:17.176    Scan finished successfully
07:35:27.485    Disk 1 MBR has been saved successfully to "C:\Users\Aimee\Desktop\MBR.dat"
07:35:27.485    The log file has been saved successfully to "C:\Users\Aimee\Desktop\aswMBR.txt"

#13 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,329 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 August 2012 - 09:10 PM

Thats clean.. maybe you need to call your ISP and ask about the speed.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·