Firewall & Automatic Update Won't Turn On: Afraid I Have A Virus


11 replies to this topic

#1 leo86iii

Posted 25 August 2012 - 06:13 PM

Hi all. I'm a new member here and repeated Google searches have led me to this forum so I decided to join and start a topic about my problem.

About two weeks ago I turned on my computer and a bubble in the bottom right corner popped up letting me know that my firewall was turned off. I clicked on the bubble which took me to the Windows Security Center and I tried to turn on the firewall manually but received the following error:

[Image: http://i49.tinypic.com/5anl9v.jpg]

I turned my computer off and about two days later the bubble popped back up telling me that both my firewall AND automatic updates were off. Again I tried to fix the issues manually but it didn't work. I ran my anti-virus (AVG 2012), but it came back with no infections. I next did a Google search for my problem and tried several of the answers that I saw, including downloading and running Malwarebytes Anti-Malware in Safe Mode with Networking and doing a System Restore. I ran System Restore about 5 or 6 times and each time received this message: "Error: SYSTEM RESTORE Restoration Incomplete Your Computer cannot be restored". (Sorry I didn't screenshot)

Now my computer is running slower than usual and freezing and I'm pretty much convinced that I have a virus that I wasn't able to locate. I'm kindly asking for any assistance with this issue. Thanks in advance to all.


#2 narenxp

Posted 25 August 2012 - 06:14 PM

Download

TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on List of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 leo86iii

Posted 26 August 2012 - 09:52 AM

Thanks for the fast reply narenxp. Here are the results:

TDSSkiller

19:21:09.0386 4988 PSched - ok
19:21:09.0386 4988 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:21:09.0401 4988 Ptilink - ok
19:21:09.0448 4988 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:21:09.0479 4988 PxHelp20 - ok
19:21:09.0526 4988 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:21:09.0526 4988 ql1080 - ok
19:21:09.0542 4988 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:21:09.0542 4988 Ql10wnt - ok
19:21:09.0573 4988 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:21:09.0573 4988 ql12160 - ok
19:21:09.0589 4988 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:21:09.0589 4988 ql1240 - ok
19:21:09.0589 4988 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:21:09.0589 4988 ql1280 - ok
19:21:09.0620 4988 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:21:09.0620 4988 RasAcd - ok
19:21:09.0683 4988 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:21:09.0698 4988 RasAuto - ok
19:21:09.0729 4988 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:21:09.0729 4988 Rasl2tp - ok
19:21:09.0823 4988 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:21:09.0823 4988 RasMan - ok
19:21:09.0823 4988 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:21:09.0839 4988 RasPppoe - ok
19:21:09.0854 4988 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:21:09.0854 4988 Raspti - ok
19:21:09.0886 4988 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:21:09.0886 4988 Rdbss - ok
19:21:09.0886 4988 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:21:09.0886 4988 RDPCDD - ok
19:21:09.0901 4988 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:21:09.0917 4988 rdpdr - ok
19:21:09.0948 4988 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:21:09.0964 4988 RDPWD - ok
19:21:09.0995 4988 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:21:09.0995 4988 RDSessMgr - ok
19:21:10.0026 4988 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:21:10.0026 4988 redbook - ok
19:21:10.0073 4988 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:21:10.0089 4988 RemoteAccess - ok
19:21:10.0104 4988 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:21:10.0120 4988 RemoteRegistry - ok
19:21:10.0167 4988 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:21:10.0167 4988 rimmptsk - ok
19:21:10.0229 4988 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:21:10.0229 4988 RpcLocator - ok
19:21:10.0308 4988 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:21:10.0323 4988 RpcSs - ok
19:21:10.0323 4988 RPSKT - ok
19:21:10.0370 4988 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:21:10.0370 4988 RSVP - ok
19:21:10.0433 4988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:21:10.0433 4988 SamSs - ok
19:21:10.0448 4988 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:21:10.0464 4988 SCardSvr - ok
19:21:10.0495 4988 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:21:10.0511 4988 Schedule - ok
19:21:10.0526 4988 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:21:10.0542 4988 sdbus - ok
19:21:10.0573 4988 [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B ] SDDMI2 C:\WINDOWS\system32\DDMI2.sys
19:21:10.0573 4988 SDDMI2 - ok
19:21:10.0604 4988 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:21:10.0620 4988 Secdrv - ok
19:21:10.0651 4988 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:21:10.0651 4988 seclogon - ok
19:21:10.0667 4988 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:21:10.0667 4988 SENS - ok
19:21:10.0698 4988 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:21:10.0698 4988 serenum - ok
19:21:10.0745 4988 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:21:10.0745 4988 Serial - ok
19:21:10.0792 4988 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:21:10.0792 4988 Sfloppy - ok
19:21:10.0823 4988 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:21:10.0823 4988 ShellHWDetection - ok
19:21:10.0823 4988 Simbad - ok
19:21:10.0886 4988 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:21:10.0886 4988 sisagp - ok
19:21:10.0933 4988 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:21:10.0933 4988 Sparrow - ok
19:21:10.0964 4988 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:21:10.0964 4988 splitter - ok
19:21:10.0995 4988 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:21:11.0011 4988 Spooler - ok
19:21:11.0058 4988 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLAgent$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
19:21:11.0058 4988 SQLAgent$MICROSOFTSMLBIZ - ok
19:21:11.0104 4988 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:21:11.0104 4988 sr - ok
19:21:11.0167 4988 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:21:11.0167 4988 srservice - ok
19:21:11.0245 4988 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:21:11.0245 4988 Srv - ok
19:21:11.0261 4988 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:21:11.0261 4988 SSDPSRV - ok
19:21:11.0386 4988 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:21:11.0417 4988 STHDA - ok
19:21:11.0495 4988 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:21:11.0511 4988 stisvc - ok
19:21:11.0558 4988 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:21:11.0573 4988 swenum - ok
19:21:11.0589 4988 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:21:11.0604 4988 swmidi - ok
19:21:11.0604 4988 SwPrv - ok
19:21:11.0651 4988 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:21:11.0667 4988 symc810 - ok
19:21:11.0698 4988 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:21:11.0698 4988 symc8xx - ok
19:21:11.0729 4988 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:21:11.0729 4988 sym_hi - ok
19:21:11.0776 4988 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:21:11.0776 4988 sym_u3 - ok
19:21:11.0854 4988 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:21:11.0854 4988 SynTP - ok
19:21:11.0917 4988 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:21:11.0917 4988 sysaudio - ok
19:21:11.0995 4988 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:21:11.0995 4988 SysmonLog - ok
19:21:12.0058 4988 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:21:12.0073 4988 TapiSrv - ok
19:21:12.0151 4988 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:21:12.0167 4988 Tcpip - ok
19:21:12.0229 4988 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:21:12.0229 4988 TDPIPE - ok
19:21:12.0261 4988 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:21:12.0261 4988 TDTCP - ok
19:21:12.0308 4988 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:21:12.0308 4988 TermDD - ok
19:21:12.0417 4988 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:21:12.0433 4988 TermService - ok
19:21:12.0464 4988 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:21:12.0464 4988 Themes - ok
19:21:12.0526 4988 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:21:12.0542 4988 TlntSvr - ok
19:21:12.0589 4988 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:21:12.0589 4988 TosIde - ok
19:21:12.0636 4988 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:21:12.0651 4988 TrkWks - ok
19:21:12.0714 4988 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:21:12.0714 4988 Udfs - ok
19:21:12.0745 4988 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:21:12.0745 4988 ultra - ok
19:21:12.0792 4988 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:21:12.0808 4988 UMWdf - ok
19:21:12.0870 4988 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:21:12.0886 4988 Update - ok
19:21:12.0948 4988 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:21:12.0964 4988 upnphost - ok
19:21:12.0979 4988 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:21:12.0979 4988 UPS - ok
19:21:13.0026 4988 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:21:13.0026 4988 usbccgp - ok
19:21:13.0058 4988 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:21:13.0073 4988 usbehci - ok
19:21:13.0073 4988 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:21:13.0089 4988 usbhub - ok
19:21:13.0104 4988 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:21:13.0120 4988 usbohci - ok
19:21:13.0151 4988 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:21:13.0151 4988 usbprint - ok
19:21:13.0183 4988 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:21:13.0183 4988 usbscan - ok
19:21:13.0198 4988 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:21:13.0198 4988 USBSTOR - ok
19:21:13.0229 4988 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:21:13.0229 4988 usbuhci - ok
19:21:13.0261 4988 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:21:13.0276 4988 VgaSave - ok
19:21:13.0308 4988 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:21:13.0323 4988 viaagp - ok
19:21:13.0339 4988 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:21:13.0339 4988 ViaIde - ok
19:21:13.0401 4988 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:21:13.0401 4988 VolSnap - ok
19:21:13.0495 4988 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:21:13.0511 4988 VSS - ok
19:21:13.0636 4988 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
19:21:13.0667 4988 vToolbarUpdater11.2.0 - ok
19:21:13.0729 4988 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
19:21:13.0729 4988 w32time - ok
19:21:13.0792 4988 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:21:13.0792 4988 Wanarp - ok
19:21:13.0854 4988 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:21:13.0854 4988 wanatw - ok
19:21:13.0933 4988 [ 4769596D7CC0F5FA447D2BABC239672A ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
19:21:13.0948 4988 Wdf01000 - ok
19:21:13.0948 4988 WDICA - ok
19:21:13.0995 4988 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:21:13.0995 4988 wdmaud - ok
19:21:14.0058 4988 [ EFB3074BDBABE0A137D89D8E58F02392 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
19:21:14.0073 4988 Web Assistant Updater - ok
19:21:14.0136 4988 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:21:14.0151 4988 WebClient - ok
19:21:14.0245 4988 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:21:14.0276 4988 winachsf - ok
19:21:14.0386 4988 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:21:14.0401 4988 winmgmt - ok
19:21:14.0433 4988 wltrysvc - ok
19:21:14.0479 4988 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:21:14.0495 4988 WmdmPmSN - ok
19:21:14.0573 4988 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:21:14.0589 4988 Wmi - ok
19:21:14.0667 4988 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:21:14.0667 4988 WmiApSrv - ok
19:21:14.0870 4988 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:21:14.0917 4988 WPFFontCache_v0400 - ok
19:21:14.0979 4988 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:21:14.0979 4988 wscsvc - ok
19:21:15.0089 4988 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:21:15.0104 4988 WZCSVC - ok
19:21:15.0136 4988 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:21:15.0151 4988 xmlprov - ok
19:21:15.0167 4988 ================ Scan global ===============================
19:21:15.0229 4988 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:21:15.0276 4988 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:21:15.0683 4988 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:21:15.0714 4988 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:21:15.0729 4988 [Global] - ok
19:21:15.0729 4988 ================ Scan MBR ==================================
19:21:15.0761 4988 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
19:21:16.0151 4988 \Device\Harddisk0\DR0 - ok
19:21:16.0151 4988 ================ Scan VBR ==================================
19:21:16.0167 4988 [ 4C7C695CECD29C2C9AB1BFBF6724A6CB ] \Device\Harddisk0\DR0\Partition1
19:21:16.0167 4988 \Device\Harddisk0\DR0\Partition1 - ok
19:21:16.0167 4988 ============================================================
19:21:16.0167 4988 Scan finished
19:21:16.0167 4988 ============================================================
19:21:16.0198 0924 Detected object count: 0
19:21:16.0198 0924 Actual detected object count: 0


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 19:23:27
-----------------------------
19:23:27.637 OS Version: Windows 5.1.2600 Service Pack 3
19:23:27.637 Number of processors: 2 586 0x4802
19:23:27.637 ComputerName: JOANN UserName:
19:23:29.231 Initialize success
19:26:34.999 AVAST engine defs: 12082501
19:29:36.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:29:36.892 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
19:29:36.908 Disk 0 MBR read successfully
19:29:36.923 Disk 0 MBR scan
19:29:37.080 Disk 0 unknown MBR code
19:29:37.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
19:29:37.127 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109638 MB offset 144585
19:29:37.189 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 224701155
19:29:37.205 Disk 0 scanning sectors +234436545
19:29:37.377 Disk 0 scanning C:\WINDOWS\system32\drivers
19:30:09.377 Service scanning
19:30:44.502 Modules scanning
19:31:03.846 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:31:06.175 Disk 0 trace - called modules:
19:31:06.221 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:31:06.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8531fab8]
19:31:06.237 3 CLASSPNP.SYS[f7552fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x853d0d98]
19:31:07.940 AVAST engine scan C:\WINDOWS
19:31:38.378 AVAST engine scan C:\WINDOWS\system32
19:39:21.384 AVAST engine scan C:\WINDOWS\system32\drivers
19:39:47.337 AVAST engine scan C:\Documents and Settings\Tiffany Stembridge
20:05:29.462 AVAST engine scan C:\Documents and Settings\All Users
20:08:50.572 Scan finished successfully
00:25:42.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tiffany Stembridge\Desktop\MBR.dat"
00:25:42.218 The log file has been saved successfully to "C:\Documents and Settings\Tiffany Stembridge\Desktop\aswMBR.txt"

ESET online scanner

C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
C:\Documents and Settings\All Users\Application Data\TheBflixUpdater\runtime.dll Win32/GenUpdater application
C:\Documents and Settings\Tiffany Stembridge\My Documents\Downloads\openofficewriter-setup.exe Win32/DownloadAdmin.A.Gen application




*Also, I'm not sure if I was supposed to, but I did not select for ESET to remove the found threats.*

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 August 2012 - 09:53 AM

C:\Documents and Settings\All Users\Application Data\TheBflixUpdater\runtime.dll Win32/GenUpdater application


Remove this alone

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 leo86iii

leo86iii
  • Topic Starter

  • Members
  • 27 posts

Posted 26 August 2012 - 01:10 PM

1. I removed: "C:\Documents and Settings\All Users\Application Data\TheBflixUpdater\runtime.dll Win32/GenUpdater application" manually.

2. I ran MBAM only once in regular mode since I got a clean log the first time and didn't get any malicious results. Here are the logs:

MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Tiffany Stembridge :: JOANN [administrator]

8/26/2012 10:21:46 AM
mbam-log-2012-08-26 (10-21-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341286
Time elapsed: 2 hour(s), 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

minitoolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Tiffany Stembridge (administrator) on 26-08-2012 at 12:32:33
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
Dell Wireless 1490 Dual Band WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Joann

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.va.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.va.comcast.net.

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-19-B9-4C-4F-73

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 71.57.204.153

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 71.57.204.1

DHCP Server . . . . . . . . . . . : 69.252.67.4

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 1:50:29 AM

Lease Expires . . . . . . . . . . : Tuesday, August 28, 2012 12:07:08 PM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card

Physical Address. . . . . . . . . : 00-19-7D-41-FB-32

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.228.6, 74.125.228.9, 74.125.228.0, 74.125.228.4
74.125.228.14, 74.125.228.2, 74.125.228.5, 74.125.228.3, 74.125.228.1
74.125.228.8, 74.125.228.7



Pinging google.com [74.125.228.72] with 32 bytes of data:



Reply from 74.125.228.72: bytes=32 time=22ms TTL=54

Reply from 74.125.228.72: bytes=32 time=21ms TTL=54



Ping statistics for 74.125.228.72:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=890ms TTL=47

Reply from 72.30.38.140: bytes=32 time=596ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 596ms, Maximum = 890ms, Average = 743ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 4c 4f 73 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 19 7d 41 fb 32 ...... Dell Wireless 1490 Dual Band WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 71.57.204.1 71.57.204.153 20
71.57.204.0 255.255.252.0 71.57.204.153 71.57.204.153 20
71.57.204.153 255.255.255.255 127.0.0.1 127.0.0.1 20
71.255.255.255 255.255.255.255 71.57.204.153 71.57.204.153 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 71.57.204.153 71.57.204.153 20
255.255.255.255 255.255.255.255 71.57.204.153 71.57.204.153 1
255.255.255.255 255.255.255.255 71.57.204.153 3 1
Default Gateway: 71.57.204.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (08/26/2012 01:52:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (08/26/2012 01:51:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/26/2012 01:51:10 AM) (Source: Service Control Manager) (User: )
Description: The Security Services Driver (x86) service failed to start due to the following error:
%%2

Error: (08/26/2012 01:51:09 AM) (Source: Service Control Manager) (User: )
Description: The Dell Wireless WLAN Tray Service service failed to start due to the following error:
%%2

Error: (08/25/2012 03:53:22 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/25/2012 03:53:22 PM) (Source: Service Control Manager) (User: )
Description: The Security Services Driver (x86) service failed to start due to the following error:
%%2

Error: (08/25/2012 03:53:22 PM) (Source: Service Control Manager) (User: )
Description: The Dell Wireless WLAN Tray Service service failed to start due to the following error:
%%2

Error: (08/25/2012 03:37:57 PM) (Source: 0) (User: )
Description: C:

Error: (08/25/2012 03:36:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/25/2012 03:36:34 PM) (Source: Service Control Manager) (User: )
Description: The Security Services Driver (x86) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1735.41615)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 9.3 (Version: 9.3.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AMD Processor Driver (Version: 1.3.2.)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AOLIcon (Version: 1.00.0000)
ATI Catalyst Control Center (Version: 1.2.2460.36742)
ATI Display Driver (Version: 8.282.2.1-060922a-036833C-Dell)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Broadcom Management Programs (Version: 9.07.01)
Celtx (2.9.6) (Version: 2.9.6 (en-US))
Conexant HDA D110 MDC V.92 Modem
Consumer Complete Care Services Agreement (Version: 1.10.0000)
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
Dell Wireless WLAN Card (Version: 4.10.47.3)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.15)
Documentation & Support Launcher (Version: 1.00.0000)
EA SPORTS Game Face Browser Plugin 1.5.3.0 (Version: 1.5.3.0)
ESET Online Scanner v3
Games, Music, & Photos Launcher (Version: 1.00.0000)
GemMaster Mystic
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HTC Driver Installer (Version: 3.0.0.007)
IHA_MessageCenter (Version: 1.8.17)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.4013.0)
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.05.0818)
Modem Helper (Version: 3.01)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.23)
OpenOffice.org 3.2 (Version: 3.2.9483)
PowerDVD 5.7
Pure Networks Port Magic (Version: 1.2.1393.0)
Qualxserve Service Agreement (Version: 1.11.0000)
QuickSet (Version: 7.1.13)
QuickTime
RealPlayer Basic
Recuva (Version: 1.42)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
RPS AntiVirus (Version: 7.0.25)
RPS CRT (Version: 7.0.25)
Screenshot It Enabler (Version: 1.02.0000)
SearchAssist
Sonic Encoders (Version: 1.00)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Broadband Toolbar
Verizon High Speed Internet
Verizon Servicepoint 1.5.22 (Version: 1.5.22)
Viewpoint Media Player
VIPdesk Scan Utility (Version: 1.0.0)
Vz In Home Agent (Version: 7.02.12)
Web Assistant 2.0.0.439
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format Runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 894.04 MB
Available physical RAM: 471.84 MB
Total Pagefile: 2166.89 MB
Available Pagefile: 1457.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:107.07 GB) (Free:63.65 GB) NTFS
3 Drive e: () (Removable) (Total:7.39 GB) (Free:0.18 GB) FAT32

========================= Users: ========================================

User accounts for \\JOANN

Administrator ASPNET Guest
HelpAssistant Joann Stembridge SUPPORT_388945a0
Tiffany Stembridge


**** End of log ****

FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Tiffany Stembridge (administrator) on 26-08-2012 at 12:35:02
Running from "C:\Documents and Settings\Tiffany Stembridge\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C0000000B00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

adware cleaner

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 12:59:44
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Tiffany Stembridge - JOANN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Tiffany Stembridge\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Joann Stembridge\Application Data\Mozilla\Firefox\Profiles\1as68zwz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Tiffany Stembridge\Application Data\Mozilla\Firefox\Profiles\dsmn7660.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Tiffany Stembridge\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13104 octets] - [26/08/2012 12:35:49]
AdwCleaner[S2].txt - [1466 octets] - [26/08/2012 12:57:18]
AdwCleaner[S3].txt - [1301 octets] - [26/08/2012 12:59:44]

########## EOF - C:\AdwCleaner[S3].txt - [1429 octets] ##########

#6 narenxp

Posted 26 August 2012 - 01:14 PM

Download

BITS
Wuauserv
Shared access

Launch them, click YES

Restart the PC and post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 leo86iii

Posted 26 August 2012 - 02:01 PM

1. Downloaded and launched BITS, Wuauserv, Shared access.

2. Restarted PC. Ran FSS. Here is the new log:

FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Tiffany Stembridge (administrator) on 26-08-2012 at 13:56:17
Running from "C:\Documents and Settings\Tiffany Stembridge\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C0000000B00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Rkill

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 01:57:42 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\WLTRAY.exe (PID: 3812) [WD-HEUR]
* C:\WINDOWS\stsystra.exe (PID: 3828) [WD-HEUR]
* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 3876) [WD-HEUR]
* C:\Documents and Settings\Tiffany Stembridge\My Documents\Downloads\FSS.exe (PID: 2380) [UP-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 01:58:49 PM
Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s)

#8 narenxp

Posted 26 August 2012 - 02:04 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 leo86iii

Posted 26 August 2012 - 02:19 PM

Thanks so much for your assistance, and fast responses. I will finish up with the final steps. One last question on the topic if I may... Besides running the AVG 2012, are there any other antivirus/malware programs that you would suggest I use? Or should I just look around the forums?

#10 narenxp

Posted 26 August 2012 - 02:22 PM

AVG+Malwarebytes should be fine. Multiple antiviruses are not recommended.

safe surfing :)

#11 leo86iii

Posted 26 August 2012 - 04:08 PM

AVG+Malwarebytes should be fine. Multiple antiviruses are not recommended.


Ok no problem.

And just to provide an update on my situation. I did the final steps and my issues are successfully RESOLVED. Firewall and Automatic Updates are back on.

#12 narenxp

Posted 26 August 2012 - 08:27 PM

:thumbup2:



