
Windows - Delayed Write Failed


  • This topic is locked
25 replies to this topic

#1 GreyhoundGuy


Posted 21 March 2012 - 08:52 PM

Hi y'all. I hate to bother everyone with yet another virus, but my desktop PC was recently hit and I'm trying to figure out how to get it back and running. I did a Google search for "Windows - Delayed Write Failed" and "Failed to save all the components for the file \\System32" ... and BC was the first site that came up. I read through a couple threads and saw that there were some differences. I'm hoping that y'all can help me out as you did with the other folks. (Before I start, I should add that I'll be able to read replies on either my cell phone or on my laptop. Hopefully this'll go quick.)

Okay... here we go.

Machine Info
Compaq Presario desktop (older unit, probably 2003?)
Windows XP Home

What Happened
I was using my computer to work on some files for my classroom when Firefox closed by itself. I didn't think much of it, so I relaunched Firefox and it closed by itself again. Then I got an error window that said, "Windows - Delayed Write Failed: Failed to save all the components for the file \\System32\\00006bt7. The file is corrupted or unreadable. This error may be caused by a PC hardware problem." About 20 similar windows all popped up in succession, but had various "files" listed (e.g., System32\\xxxxxxxx).

A "System Check" popped up and started "scanning" my computer. The end results said that I had hard drive space less than technical limits, hard drive rotational speed exceeds system limits, disck drive c:\ is unreadable, etc. However, I'm sure this isn't a Microsoft scan. It definitely looks bogus!

Another popup appeared saying the "Files indexation process failed." Again, this looks bogus.

Last (I think?), was the various system alerts I received just above the toolbar. They show anything from "RAM memory reliability is extremely low" to something along the lines of RAM memory approaching critical temperatures. (I seem to remember seeing something about 83 degrees Celsius.)

The network cable has been unplugged, so the computer is no longer online.

So there you have it... a short background. Prior to this popping up, everything on the computer had been running very well.

So far, I've followed the steps in "Preparation Guide for Use Before... Requesting Help":
* Step 1 - done (back up of data done fairly regularly)
* Step 2 - done (not a "slow computer" issue)
* Step 3 - done (account created)
* Step 4 - done (notification is set to immediate)
* Step 5 - done (according to Windows Firewall, the firewall is running)
* Step 6 - done (defogger_disable by jpshortstuff (23.02.10.1))... no reboot was necessary
* Step 7 - done and attached
* Step 8 - done and attached
* Step 9 - done
* Step 10 - in progress :)



- - - - -
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 18:19:10 on 2012-03-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.544 [GMT -5:00]
.
AV: avast! antivirus 4.7.1001 [VPS 120320-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\IkEJJmteVRTh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Documents and Settings\All Users\Application Data\EoZwLZJTJabXmv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://qus9.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: SMART Notebook Download Utility: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gStart] c:\program files\garmin\gStart.exe
uRun: [RocketDock] "c:\windows\bricopacks\crystal clear\rocketdock\RocketDock.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iRiver Updater] c:\program files\iriver\iriver manager\updater\Updater.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IkEJJmteVRTh.exe] c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\motion~1.lnk - c:\program files\motionbased\agent\MBAgent.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://vpn.laketravis.txed.net/CACHE/sdesktop/install/binaries/instweb.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1BED82BD-8D51-4F78-884F-6211287400B6} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\lvc8ae98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_03000F10.dll
.
============= SERVICES / DRIVERS ===============
.
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-7-4 132736]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-8-3 828944]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-1-20 285152]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-7-4 243328]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-7-4 345728]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-20 642432]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-1-21 30576]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-1-20 50704]
.
=============== Created Last 30 ================
.
2012-03-20 22:21:48 526168 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-19 03:09:20 356864 ---ha-w- c:\documents and settings\all users\application data\EoZwLZJTJabXmv.exe
2012-03-19 03:06:39 448512 ---ha-w- c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
2012-03-18 16:14:32 592824 ---ha-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 16:14:32 44472 ---ha-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 15:11:24 -------- d--h--w- c:\program files\Garmin GPS Plugin
2012-03-17 00:24:51 -------- d--h--w- c:\program files\iTunes
2012-03-15 15:41:42 3072 -c-h--w- c:\windows\system32\dllcache\iacenc.dll
2012-03-15 15:41:42 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-03-02 00:21:19 230808 ---ha-r- c:\windows\system32\cpnprt2.cid
2012-03-02 00:21:06 -------- d--h--w- c:\program files\Coupons
2012-02-22 22:10:22 -------- d--h--w- c:\program files\TightVNC
2012-02-22 22:06:20 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
.
==================== Find3M ====================
.
2012-02-23 03:28:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
2004-08-04 07:56:53 60416 --sha-w- c:\windows\bricopacks\sysfiles\84_MSIMN.EXE
.
============= FINISH: 18:19:33.78 ===============



- - - - -

Thanks for all your help... in advance.

-Joel (aka GreyhoundGuy)
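A triage sketch for the DDS log in the post above, added here as an example; it is not part of the original thread and not part of DDS. It flags autorun targets that sit directly in an "Application Data" root, cross-references them with the "Created Last 30" listing, and reports lockdown policies such as DisableTaskMgr. The function names and the heuristics are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname

# Lines taken from the DDS log in the post above (a representative subset).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IkEJJmteVRTh.exe] c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
2012-03-19 03:09:20 356864 ---ha-w- c:\documents and settings\all users\application data\EoZwLZJTJabXmv.exe
2012-03-19 03:06:39 448512 ---ha-w- c:\documents and settings\all users\application data\IkEJJmteVRTh.exe
2012-03-18 16:14:32 44472 ---ha-w- c:\program files\mozilla firefox\mozglue.dll
2012-02-22 22:10:22 -------- d--h--w- c:\program files\TightVNC
"""

HIVE = {"u": "HKCU", "m": "HKLM"}  # DDS prefixes: u = per-user, m = machine-wide
EXE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll")
# Policies that hide the desktop or block built-in tools (assumed watch list).
LOCKDOWN = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoRun"}

RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.+)$")
# Target is either a quoted path or everything up to the first executable extension.
TARGET_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr|com|pif))(?=[\s,]|$)', re.I)
POLICY_RE = re.compile(r"^([um])Policies-\w+: (\w+) = (\d+)")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\S+\s+\S+\s+(.+)$")


def in_drop_dir(path):
    """True when the file sits directly in an 'Application Data' root,
    not inside a vendor subfolder (heuristic, assumed for this example)."""
    return dirname(path).lower().endswith("\\application data")


def triage(text):
    autoruns, policies, created = [], [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RUN_RE.match(line):
            t = TARGET_RE.match(m.group(3))
            target = (t.group(1) or t.group(2)) if t else m.group(3)
            autoruns.append((HIVE[m.group(1)], m.group(2), target))
        elif m := POLICY_RE.match(line):
            if m.group(2) in LOCKDOWN and int(m.group(3)) != 0:
                policies.append((HIVE[m.group(1)], m.group(2)))
        elif m := CREATED_RE.match(line):
            created[m.group(2).lower()] = (m.group(2), m.group(1))

    flagged, referenced = [], set()
    for hive, name, target in autoruns:
        referenced.add(target.lower())
        if in_drop_dir(target):
            flagged.append({
                "hive": hive,
                "name": name,
                "target": target,
                # Supporting signal only: ctfmon.exe also names its value
                # after the file, so this is never a flag on its own.
                "name_is_file": name.lower() == basename(target).lower(),
                "created": created.get(target.lower(), (None, None))[1],
            })

    # Recently created executables in the same location with no Run entry.
    dropped = [orig for key, (orig, _) in created.items()
               if in_drop_dir(orig) and key.endswith(EXE_EXT)
               and key not in referenced]
    return {"autoruns": flagged, "dropped": dropped, "policies": policies}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for entry in report["autoruns"]:
        print("autorun:", entry)
    for path in report["dropped"]:
        print("no Run entry:", path)
    for hive, name in report["policies"]:
        print("policy:", hive, name)
```
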

#2 gringo_pr


Posted 22 March 2012 - 12:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
   Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
   Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
   It does not need to be long, just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
   Pay special attention to the Notes** I have put in.
   These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 GreyhoundGuy


Posted 22 March 2012 - 08:19 PM

Before I get to the log for ComboFix, can you tell me what software you'd recommend for anti-virus/anti-malware, etc? Thanks!

Looks like I need to get a new anti-virus program (instead of Avast). I just turned my desktop on, the one I'm having issues with and have been for a few days, and Avast JUST notified me that I have a virus: Win32:FakeAlert. If only that had come up a few days ago. :)

I wasn't able to figure out the multiple anti-virus programs that you mentioned were running, so I only disabled Avast. That's the only one I know of. (If you can point out the other, let me know and I'll remove it so I'm only running one.)

I ran ComboFix. After running the scan, the computer automatically restarted. I logged on as usual and things seem much better... although not quite fixed. I now see icons for my desktop files. This includes My Computer, Internet Explorer, my various folders, etc. It doesn't look like anything is missing. The toolbar is still missing my icons for common programs (e.g., Outlook, IE, Show Desktop, etc.). Also, my desktop background is gone ... still just a gray background. Oh, and I also have a bunch of temporary files on the desktop... like files that are saved while working on them. Not many, but a few.

The pop-ups are no longer coming up, though.


- - - - -
ComboFix log:


ComboFix 12-03-22.01 - Owner 03/22/2012 18:22:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.735 [GMT -5:00]
Running from: h:\combofix\ComboFix.exe
AV: avast! antivirus 4.7.1001 [VPS 120322-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\~EoZwLZJTJabXmv
c:\documents and settings\All Users\Application Data\~EoZwLZJTJabXmvr
c:\documents and settings\All Users\Application Data\EoZwLZJTJabXmv
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Leigh\WINDOWS
c:\documents and settings\Owner\Start Menu\Programs\System Check
c:\documents and settings\Owner\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Owner\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\ps2.bat
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-20 22:21 . 2012-03-22 23:11 526168 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-19 03:09 . 2012-03-19 03:09 356864 ---ha-w- c:\documents and settings\All Users\Application Data\EoZwLZJTJabXmv.exe
2012-03-19 03:06 . 2012-03-19 03:03 448512 ---ha-w- c:\documents and settings\All Users\Application Data\IkEJJmteVRTh.exe
2012-03-18 16:14 . 2012-03-18 16:14 592824 ---ha-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 16:14 . 2012-03-18 16:14 44472 ---ha-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 15:11 . 2012-03-17 15:11 -------- d--h--w- c:\program files\Garmin GPS Plugin
2012-03-17 00:24 . 2012-03-17 00:27 -------- d--h--w- c:\program files\iTunes
2012-03-15 15:41 . 2012-01-11 19:06 3072 -c-h--w- c:\windows\system32\dllcache\iacenc.dll
2012-03-15 15:41 . 2012-01-11 19:06 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-03-02 00:21 . 2012-03-02 00:21 230808 ---ha-r- c:\windows\system32\cpnprt2.cid
2012-03-02 00:21 . 2012-03-02 00:21 -------- d--h--w- c:\program files\Coupons
2012-02-22 22:10 . 2012-02-22 22:10 -------- d--h--w- c:\documents and settings\LocalService\Application Data\TightVNC
2012-02-22 22:10 . 2012-02-22 22:10 -------- d--h--w- c:\program files\TightVNC
2012-02-22 22:06 . 2012-02-22 22:06 -------- d--h--w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 03:28 . 2011-11-06 18:20 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2003-08-08 17:32 1860096 ---ha-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2003-08-08 17:30 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
2007-07-25 00:03 . 2007-07-25 00:03 118784 ---ha-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2012-03-18 16:14 . 2012-02-17 17:07 97208 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 07:56 60416 --sha-w- c:\windows\BricoPacks\SysFiles\84_MSIMN.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"iRiver Updater"="c:\program files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"IkEJJmteVRTh.exe"="c:\documents and settings\All Users\Application Data\IkEJJmteVRTh.exe" [2012-03-19 448512]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster Silver 17\Remind.exe [2006-2-22 344064]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\HOTSYNC.EXE [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-27 450560]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-1-20 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8/3/2011 8:23 AM 828944]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [1/20/2012 11:35 PM 642432]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [1/20/2012 11:35 PM 285152]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/21/2012 8:53 PM 30576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://vpn.laketravis.txed.net/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lvc8ae98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{72973778-1A5A-42B8-8F7F-4AACAABB9118} - c:\windows\System32\oleac32.dll
HKCU-Run-gStart - c:\program files\Garmin\gStart.exe
HKCU-Run-RocketDock - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
AddRemove-Mozilla Thunderbird (2.0.0.22) - h:\thunderbird\App\thunderbird\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-22 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-22 19:04:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 00:04
.
Pre-Run: 2,875,645,952 bytes free
Post-Run: 4,791,607,296 bytes free
.
- - End Of File - - F7F68D5E7502FF9B093A39D690D6F9F0

#4 gringo_pr

  • Malware Response Team
Posted 22 March 2012 - 08:27 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 GreyhoundGuy

  • Topic Starter

Posted 22 March 2012 - 09:02 PM

I ran both programs and had an issue with the second (aswMBR).

We connect our desktop PC to the Internet via a USB wireless device. The modem/router is in another room, and we can't run a cable from the modem/router to the PC. (We're renting. If we weren't, I'd put in some drops around the house.) I'm guessing I'll have to uninstall and reinstall the drivers for the USB device. Anyway, when aswMBR asked to download new virus definitions, I wasn't able to.


- - - - -

TDSS Killer

20:44:27.0406 1252 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
20:44:27.0468 1252 ============================================================
20:44:27.0468 1252 Current date / time: 2012/03/22 20:44:27.0468
20:44:27.0468 1252 SystemInfo:
20:44:27.0468 1252
20:44:27.0468 1252 OS Version: 5.1.2600 ServicePack: 3.0
20:44:27.0468 1252 Product type: Workstation
20:44:27.0468 1252 ComputerName: COMPAQ
20:44:27.0468 1252 UserName: Owner
20:44:27.0468 1252 Windows directory: C:\WINDOWS
20:44:27.0468 1252 System windows directory: C:\WINDOWS
20:44:27.0468 1252 Processor architecture: Intel x86
20:44:27.0468 1252 Number of processors: 2
20:44:27.0468 1252 Page size: 0x1000
20:44:27.0468 1252 Boot type: Normal boot
20:44:27.0468 1252 ============================================================
20:44:29.0656 1252 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2865, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:44:29.0687 1252 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:44:29.0687 1252 Drive \Device\Harddisk2\DR5 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:44:29.0687 1252 \Device\Harddisk0\DR0:
20:44:29.0687 1252 MBR used
20:44:29.0687 1252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9EF5D1
20:44:29.0687 1252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9EF610, BlocksNum 0x8B29C30
20:44:29.0687 1252 \Device\Harddisk1\DR1:
20:44:29.0687 1252 MBR used
20:44:29.0687 1252 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6FC7C41
20:44:29.0687 1252 \Device\Harddisk2\DR5:
20:44:29.0687 1252 MBR used
20:44:29.0687 1252 \Device\Harddisk2\DR5\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x779080
20:44:29.0812 1252 Initialize success
20:44:29.0812 1252 ============================================================
20:44:33.0984 1496 ============================================================
20:44:33.0984 1496 Scan started
20:44:33.0984 1496 Mode: Manual;
20:44:33.0984 1496 ============================================================
20:44:36.0328 1496 Aavmker4 (aa8b7e0879293fa075695c83396bb305) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:44:36.0328 1496 Aavmker4 - ok
20:44:36.0484 1496 Abiosdsk - ok
20:44:36.0640 1496 abp480n5 - ok
20:44:36.0750 1496 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:44:36.0765 1496 ACPI - ok
20:44:36.0937 1496 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:44:36.0937 1496 ACPIEC - ok
20:44:37.0093 1496 adpu160m - ok
20:44:37.0218 1496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:44:37.0234 1496 aec - ok
20:44:37.0437 1496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:44:37.0453 1496 AFD - ok
20:44:37.0656 1496 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
20:44:37.0656 1496 AFS2K - ok
20:44:37.0843 1496 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:44:37.0843 1496 agp440 - ok
20:44:38.0000 1496 Aha154x - ok
20:44:38.0156 1496 aic78u2 - ok
20:44:38.0328 1496 aic78xx - ok
20:44:38.0593 1496 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:44:38.0609 1496 ALCXWDM - ok
20:44:38.0765 1496 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:44:38.0781 1496 Alerter - ok
20:44:38.0859 1496 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:44:38.0875 1496 ALG - ok
20:44:38.0968 1496 AliIde - ok
20:44:39.0046 1496 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:44:39.0046 1496 AmdK7 - ok
20:44:39.0218 1496 amsint - ok
20:44:39.0390 1496 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:44:39.0406 1496 Apple Mobile Device - ok
20:44:39.0515 1496 AppMgmt - ok
20:44:39.0734 1496 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:44:39.0734 1496 Arp1394 - ok
20:44:39.0890 1496 asc - ok
20:44:40.0015 1496 asc3350p - ok
20:44:40.0125 1496 asc3550 - ok
20:44:40.0296 1496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:44:40.0343 1496 aspnet_state - ok
20:44:40.0546 1496 aswMon2 (e2aca663e57105e68a914f54f3212f5a) C:\WINDOWS\system32\drivers\aswMon2.sys
20:44:40.0546 1496 aswMon2 - ok
20:44:40.0781 1496 aswRdr (4fc10bb2249e2c23cf879f4f9a8d0c6e) C:\WINDOWS\system32\drivers\aswRdr.sys
20:44:40.0781 1496 aswRdr - ok
20:44:40.0984 1496 aswTdi (ddfacb49e24f69e0ebd19b42ba5cc9cc) C:\WINDOWS\system32\drivers\aswTdi.sys
20:44:40.0984 1496 aswTdi - ok
20:44:41.0109 1496 aswUpdSv (0bab87db7dac336b52ada529cf472b74) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
20:44:41.0109 1496 aswUpdSv - ok
20:44:41.0281 1496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:44:41.0281 1496 AsyncMac - ok
20:44:41.0468 1496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:44:41.0468 1496 atapi - ok
20:44:41.0671 1496 Atdisk - ok
20:44:41.0828 1496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:44:41.0828 1496 Atmarpc - ok
20:44:41.0984 1496 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:44:41.0984 1496 AudioSrv - ok
20:44:42.0140 1496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:44:42.0140 1496 audstub - ok
20:44:42.0281 1496 avast! Antivirus (4c2d6f51f2a1943ef24e8c3e55267f04) C:\Program Files\Alwil Software\Avast4\ashServ.exe
20:44:42.0281 1496 avast! Antivirus - ok
20:44:42.0328 1496 avast! Mail Scanner (0005db55986f3b014fba24c2356476b7) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
20:44:42.0328 1496 avast! Mail Scanner - ok
20:44:42.0375 1496 avast! Web Scanner (d1c26f6b1aa7ba597f435cb136e998d4) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
20:44:42.0390 1496 avast! Web Scanner - ok
20:44:42.0625 1496 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
20:44:42.0671 1496 BCMH43XX - ok
20:44:42.0859 1496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:44:42.0875 1496 Beep - ok
20:44:43.0000 1496 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:44:43.0062 1496 BITS - ok
20:44:43.0187 1496 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:44:43.0203 1496 Bonjour Service - ok
20:44:43.0343 1496 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:44:43.0343 1496 Browser - ok
20:44:43.0359 1496 catchme - ok
20:44:43.0515 1496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:44:43.0515 1496 cbidf2k - ok
20:44:43.0734 1496 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:44:43.0734 1496 CCDECODE - ok
20:44:43.0937 1496 cd20xrnt - ok
20:44:44.0078 1496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:44:44.0093 1496 Cdaudio - ok
20:44:44.0234 1496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:44:44.0234 1496 Cdfs - ok
20:44:44.0421 1496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:44:44.0421 1496 Cdrom - ok
20:44:44.0562 1496 Changer - ok
20:44:44.0765 1496 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:44:44.0781 1496 CiSvc - ok
20:44:44.0906 1496 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:44:44.0921 1496 ClipSrv - ok
20:44:45.0062 1496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:44:45.0187 1496 clr_optimization_v2.0.50727_32 - ok
20:44:45.0328 1496 CmdIde - ok
20:44:45.0437 1496 COMSysApp - ok
20:44:45.0562 1496 Cpqarray - ok
20:44:45.0703 1496 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:44:45.0703 1496 CryptSvc - ok
20:44:45.0859 1496 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys
20:44:45.0859 1496 cvintdrv - ok
20:44:46.0015 1496 dac2w2k - ok
20:44:46.0109 1496 dac960nt - ok
20:44:46.0218 1496 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:44:46.0250 1496 DcomLaunch - ok
20:44:46.0359 1496 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:44:46.0359 1496 Dhcp - ok
20:44:46.0531 1496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:44:46.0531 1496 Disk - ok
20:44:46.0671 1496 dmadmin - ok
20:44:46.0890 1496 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:44:46.0921 1496 dmboot - ok
20:44:47.0125 1496 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:44:47.0140 1496 dmio - ok
20:44:47.0312 1496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:44:47.0312 1496 dmload - ok
20:44:47.0453 1496 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:44:47.0453 1496 dmserver - ok
20:44:47.0640 1496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:44:47.0640 1496 DMusic - ok
20:44:47.0796 1496 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:44:47.0796 1496 Dnscache - ok
20:44:47.0937 1496 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:44:47.0937 1496 Dot3svc - ok
20:44:48.0031 1496 dpti2o - ok
20:44:48.0125 1496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:44:48.0125 1496 drmkaud - ok
20:44:48.0296 1496 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:44:48.0296 1496 EapHost - ok
20:44:48.0453 1496 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:44:48.0453 1496 ERSvc - ok
20:44:48.0546 1496 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:44:48.0593 1496 Eventlog - ok
20:44:48.0734 1496 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
20:44:48.0734 1496 EventSystem - ok
20:44:48.0921 1496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:44:48.0937 1496 Fastfat - ok
20:44:49.0093 1496 fasttx2k (6339aaf63240df0634902b98c0f56049) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
20:44:49.0140 1496 fasttx2k - ok
20:44:49.0281 1496 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:44:49.0281 1496 FastUserSwitchingCompatibility - ok
20:44:49.0421 1496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:44:49.0421 1496 Fdc - ok
20:44:49.0640 1496 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:44:49.0640 1496 Fips - ok
20:44:49.0859 1496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:44:49.0859 1496 Flpydisk - ok
20:44:50.0062 1496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:44:50.0078 1496 FltMgr - ok
20:44:50.0343 1496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:44:50.0343 1496 FontCache3.0.0.0 - ok
20:44:50.0515 1496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:44:50.0515 1496 Fs_Rec - ok
20:44:50.0671 1496 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:44:50.0671 1496 Ftdisk - ok
20:44:50.0843 1496 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:44:50.0859 1496 GEARAspiWDM - ok
20:44:51.0046 1496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:44:51.0046 1496 Gpc - ok
20:44:51.0234 1496 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
20:44:51.0234 1496 grmnusb - ok
20:44:51.0343 1496 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:44:51.0343 1496 helpsvc - ok
20:44:51.0468 1496 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:44:51.0468 1496 HidServ - ok
20:44:51.0656 1496 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:44:51.0671 1496 HidUsb - ok
20:44:51.0843 1496 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:44:51.0843 1496 hkmsvc - ok
20:44:51.0984 1496 hpn - ok
20:44:52.0140 1496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:44:52.0140 1496 HTTP - ok
20:44:52.0296 1496 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:44:52.0296 1496 HTTPFilter - ok
20:44:52.0406 1496 i2omgmt - ok
20:44:52.0453 1496 i2omp - ok
20:44:52.0546 1496 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:44:52.0546 1496 i8042prt - ok
20:44:52.0765 1496 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:44:52.0796 1496 ialm - ok
20:44:52.0953 1496 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:44:52.0953 1496 IDriverT - ok
20:44:53.0156 1496 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:44:53.0234 1496 idsvc - ok
20:44:53.0421 1496 ifp800 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\Drivers\ifp800.sys
20:44:53.0421 1496 ifp800 - ok
20:44:53.0640 1496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:44:53.0640 1496 Imapi - ok
20:44:53.0843 1496 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:44:53.0843 1496 ImapiService - ok
20:44:53.0984 1496 ini910u - ok
20:44:54.0093 1496 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
20:44:54.0093 1496 IntelIde - ok
20:44:54.0281 1496 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:44:54.0281 1496 intelppm - ok
20:44:54.0406 1496 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:44:54.0406 1496 ip6fw - ok
20:44:54.0593 1496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:44:54.0593 1496 IpFilterDriver - ok
20:44:54.0781 1496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:44:54.0796 1496 IpInIp - ok
20:44:55.0062 1496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:44:55.0062 1496 IpNat - ok
20:44:55.0234 1496 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
20:44:55.0250 1496 iPod Service - ok
20:44:55.0421 1496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:44:55.0437 1496 IPSec - ok
20:44:55.0656 1496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:44:55.0656 1496 IRENUM - ok
20:44:55.0828 1496 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:44:55.0828 1496 isapnp - ok
20:44:55.0984 1496 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
20:44:55.0984 1496 JavaQuickStarterService - ok
20:44:56.0234 1496 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:44:56.0234 1496 Kbdclass - ok
20:44:56.0406 1496 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:44:56.0406 1496 kbdhid - ok
20:44:56.0546 1496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:44:56.0562 1496 kmixer - ok
20:44:56.0796 1496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:44:56.0796 1496 KSecDD - ok
20:44:56.0984 1496 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
20:44:56.0984 1496 L8042Kbd - ok
20:44:57.0171 1496 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
20:44:57.0171 1496 L8042mou - ok
20:44:57.0312 1496 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:44:57.0312 1496 lanmanserver - ok
20:44:57.0453 1496 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:44:57.0468 1496 lanmanworkstation - ok
20:44:57.0562 1496 lbrtfdc - ok
20:44:57.0718 1496 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
20:44:57.0718 1496 LHidKe - ok
20:44:57.0953 1496 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\WINDOWS\system32\lkcitdl.exe
20:44:57.0968 1496 LkCitadelServer - ok
20:44:58.0062 1496 lkClassAds (16a17d015c4576486ff39ee350035712) C:\WINDOWS\system32\lkads.exe
20:44:58.0062 1496 lkClassAds - ok
20:44:58.0140 1496 lkTimeSync (372099ecc46225acdc4b4e4010d70329) C:\WINDOWS\system32\lktsrv.exe
20:44:58.0140 1496 lkTimeSync - ok
20:44:58.0218 1496 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:44:58.0218 1496 LmHosts - ok
20:44:58.0328 1496 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
20:44:58.0343 1496 LMouKE - ok
20:44:58.0531 1496 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
20:44:58.0609 1496 ltmodem5 - ok
20:44:58.0843 1496 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:44:58.0859 1496 MDM - ok
20:44:59.0015 1496 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:44:59.0015 1496 Messenger - ok
20:44:59.0140 1496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:44:59.0156 1496 mnmdd - ok
20:44:59.0281 1496 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
20:44:59.0296 1496 mnmsrvc - ok
20:44:59.0453 1496 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:44:59.0453 1496 Modem - ok
20:44:59.0671 1496 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:44:59.0687 1496 MODEMCSA - ok
20:44:59.0859 1496 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:44:59.0859 1496 Mouclass - ok
20:45:00.0046 1496 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:45:00.0046 1496 mouhid - ok
20:45:00.0234 1496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:45:00.0234 1496 MountMgr - ok
20:45:00.0375 1496 mraid35x - ok
20:45:00.0515 1496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:45:00.0531 1496 MRxDAV - ok
20:45:00.0781 1496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:45:00.0843 1496 MRxSmb - ok
20:45:00.0984 1496 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
20:45:00.0984 1496 MSCamSvc - ok
20:45:01.0109 1496 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
20:45:01.0109 1496 MSDTC - ok
20:45:01.0281 1496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:45:01.0296 1496 Msfs - ok
20:45:01.0468 1496 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\WINDOWS\system32\Drivers\nx6000.sys
20:45:01.0468 1496 MSHUSBVideo - ok
20:45:01.0625 1496 MSIServer - ok
20:45:01.0796 1496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:45:01.0796 1496 MSKSSRV - ok
20:45:02.0015 1496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:45:02.0031 1496 MSPCLOCK - ok
20:45:02.0218 1496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:45:02.0218 1496 MSPQM - ok
20:45:02.0390 1496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:45:02.0390 1496 mssmbios - ok
20:45:02.0578 1496 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:45:02.0578 1496 MSTEE - ok
20:45:02.0765 1496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:45:02.0765 1496 Mup - ok
20:45:02.0968 1496 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:45:02.0968 1496 NABTSFEC - ok
20:45:03.0203 1496 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:45:03.0234 1496 napagent - ok
20:45:03.0390 1496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:45:03.0421 1496 NDIS - ok
20:45:03.0640 1496 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:45:03.0640 1496 NdisIP - ok
20:45:03.0750 1496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:45:03.0765 1496 NdisTapi - ok
20:45:03.0843 1496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:45:03.0843 1496 Ndisuio - ok
20:45:04.0031 1496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:45:04.0031 1496 NdisWan - ok
20:45:04.0218 1496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:45:04.0218 1496 NDProxy - ok
20:45:04.0406 1496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:45:04.0406 1496 NetBIOS - ok
20:45:04.0640 1496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:45:04.0703 1496 NetBT - ok
20:45:04.0843 1496 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:45:04.0859 1496 NetDDE - ok
20:45:04.0859 1496 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:45:04.0875 1496 NetDDEdsdm - ok
20:45:04.0984 1496 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:45:04.0984 1496 Netlogon - ok
20:45:05.0062 1496 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:45:05.0062 1496 Netman - ok
20:45:05.0203 1496 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:05.0218 1496 NetTcpPortSharing - ok
20:45:05.0406 1496 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:45:05.0406 1496 NIC1394 - ok
20:45:05.0609 1496 NIDomainService (3b1439a956f872f36f0e8190f64ec9f9) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
20:45:05.0609 1496 NIDomainService - ok
20:45:05.0750 1496 niSvcLoc - ok
20:45:05.0890 1496 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:45:05.0906 1496 Nla - ok
20:45:06.0046 1496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:45:06.0062 1496 Npfs - ok
20:45:06.0281 1496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:45:06.0312 1496 Ntfs - ok
20:45:06.0468 1496 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:45:06.0468 1496 NtLmSsp - ok
20:45:06.0703 1496 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:45:06.0718 1496 NtmsSvc - ok
20:45:06.0859 1496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:45:06.0859 1496 Null - ok
20:45:07.0031 1496 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:45:07.0125 1496 nv - ok
20:45:07.0265 1496 NVSvc (26712cf8be48bc767854927435c0b6a9) C:\WINDOWS\System32\nvsvc32.exe
20:45:07.0265 1496 NVSvc - ok
20:45:07.0453 1496 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
20:45:07.0453 1496 nv_agp - ok
20:45:07.0625 1496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:45:07.0625 1496 NwlnkFlt - ok
20:45:07.0859 1496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:45:07.0875 1496 NwlnkFwd - ok
20:45:08.0046 1496 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:45:08.0046 1496 ohci1394 - ok
20:45:08.0203 1496 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:45:08.0203 1496 ose - ok
20:45:08.0359 1496 PalmUSBD - ok
20:45:08.0500 1496 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:45:08.0500 1496 Parport - ok
20:45:08.0843 1496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:45:08.0859 1496 PartMgr - ok
20:45:09.0203 1496 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:45:09.0203 1496 ParVdm - ok
20:45:09.0546 1496 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:45:09.0562 1496 PCI - ok
20:45:09.0937 1496 PCIDump - ok
20:45:10.0390 1496 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:45:10.0406 1496 PCIIde - ok
20:45:10.0843 1496 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:45:10.0859 1496 Pcmcia - ok
20:45:11.0187 1496 PDCOMP - ok
20:45:11.0515 1496 PDFRAME - ok
20:45:11.0875 1496 PDRELI - ok
20:45:12.0140 1496 PDRFRAME - ok
20:45:12.0359 1496 perc2 - ok
20:45:12.0671 1496 perc2hib - ok
20:45:12.0953 1496 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:45:12.0953 1496 PlugPlay - ok
20:45:13.0093 1496 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:45:13.0109 1496 PolicyAgent - ok
20:45:13.0390 1496 ppa3 (c740d0cb238670629af1b740414a8f3c) C:\WINDOWS\system32\DRIVERS\ppa3.sys
20:45:13.0406 1496 ppa3 - ok
20:45:13.0921 1496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:45:13.0921 1496 PptpMiniport - ok
20:45:14.0218 1496 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:45:14.0218 1496 Processor - ok
20:45:14.0359 1496 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:45:14.0359 1496 ProtectedStorage - ok
20:45:14.0531 1496 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
20:45:14.0531 1496 Ps2 - ok
20:45:14.0781 1496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:45:14.0781 1496 PSched - ok
20:45:14.0984 1496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:45:14.0984 1496 Ptilink - ok
20:45:15.0171 1496 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:45:15.0171 1496 PxHelp20 - ok
20:45:15.0312 1496 ql1080 - ok
20:45:15.0421 1496 Ql10wnt - ok
20:45:15.0500 1496 ql12160 - ok
20:45:15.0593 1496 ql1240 - ok
20:45:15.0734 1496 ql1280 - ok
20:45:15.0937 1496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:45:15.0937 1496 RasAcd - ok
20:45:35.0984 1496 ============================================================
20:45:35.0984 1496 Scan finished
20:45:35.0984 1496 ============================================================
20:45:36.0000 1488 Detected object count: 0
20:45:36.0000 1488 Actual detected object count: 0






- - - - -
aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-22 20:47:05
-----------------------------
20:47:05.765 OS Version: Windows 5.1.2600 Service Pack 3
20:47:05.765 Number of processors: 2 586 0x209
20:47:05.765 ComputerName: COMPAQ UserName: Owner
20:47:06.156 Initialize success
20:56:34.875 AVAST engine download error: 0
20:56:49.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:56:49.906 Disk 0 Vendor: SAMSUNG_SV0802N TP100-23 Size: 76351MB BusType: 3
20:56:49.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:56:49.906 Disk 1 Vendor: WDC_WD600BB-00CAA1 17.07W17 Size: 57241MB BusType: 3
20:56:49.937 Disk 0 MBR read successfully
20:56:49.937 Disk 0 MBR scan
20:56:49.937 Disk 0 unknown MBR code
20:56:49.937 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5086 MB offset 63
20:56:49.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71251 MB offset 10417680
20:56:49.953 Disk 0 scanning sectors +156340800
20:56:50.062 Disk 0 scanning C:\WINDOWS\system32\drivers
20:57:02.234 Service scanning
20:57:41.015 Modules scanning
20:58:06.359 Disk 0 trace - called modules:
20:58:06.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:58:06.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2ceab8]
20:58:06.390 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a29e3b8]
20:58:06.390 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a2b3d98]
20:58:06.406 Scan finished successfully
20:59:07.953 Disk 0 MBR has been saved successfully to "H:\aswMBR\MBR.dat"
20:59:10.125 The log file has been saved successfully to "H:\aswMBR\aswMBR.txt"


-Joel

#6 gringo_pr


Posted 22 March 2012 - 09:12 PM

Hello


you cannot connect to the internet at this time?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 GreyhoundGuy


Posted 22 March 2012 - 09:47 PM

you cannot connect to the internet at this time?


No. The USB is plugged in like usual, but the blue power/connectivity light isn't coming on. I tried to fire up the NetGear Smart Wizard from my start menu, and that's not firing up. Would you suggest uninstalling and reinstalling the software for the USB device?


ETA: I should add that the wireless Internet is still working in the house. I'm on a laptop, and I have wireless. My wife is on her laptop, and she's got wireless. Our phones are accessing the wireless, too. The signal is there, but the desktop is not accessing it.


-Joel

Edited by GreyhoundGuy, 22 March 2012 - 09:48 PM.


#8 gringo_pr


Posted 22 March 2012 - 09:58 PM

Greetings

First, try moving it to another USB port. If it still does not work, uninstall the software and reinstall it, and if it still does not work, then run this for me:


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#9 GreyhoundGuy


Posted 22 March 2012 - 10:10 PM

I'll do those things, but it'll have to wait until tomorrow night. I have to finish my lesson plans tonight.

Thanks for all your help so far. I'll post again tomorrow afternoon/night.

-Joel

#10 gringo_pr


Posted 22 March 2012 - 10:13 PM

I will be here -


gringo

#11 GreyhoundGuy


Posted 23 March 2012 - 08:17 PM

I was able to get the wireless Internet adapter (USB) running again. I went into Control Panels, Add/Remove, and clicked on the Netgear removal tool. It gave me the option to reinstall it from the CD without having to remove it from the hard drive. That seems to have done the trick.

Update on my computer:
The background is still black.
No quick links next to the start menu button

Other than that, it seems like the computer is running pretty smoothly again.

Since I've got Internet again, I thought I better run TDSSKiller and aswMBR. Also, I ran FSS just in case you needed it. Here are those new, updated logs:


- - - - -
TDSSKiller

19:07:30.0703 0996 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:07:31.0187 0996 ============================================================
19:07:31.0187 0996 Current date / time: 2012/03/23 19:07:31.0187
19:07:31.0187 0996 SystemInfo:
19:07:31.0187 0996
19:07:31.0187 0996 OS Version: 5.1.2600 ServicePack: 3.0
19:07:31.0187 0996 Product type: Workstation
19:07:31.0187 0996 ComputerName: COMPAQ
19:07:31.0187 0996 UserName: Owner
19:07:31.0187 0996 Windows directory: C:\WINDOWS
19:07:31.0187 0996 System windows directory: C:\WINDOWS
19:07:31.0187 0996 Processor architecture: Intel x86
19:07:31.0187 0996 Number of processors: 2
19:07:31.0187 0996 Page size: 0x1000
19:07:31.0187 0996 Boot type: Normal boot
19:07:31.0187 0996 ============================================================
19:07:33.0000 0996 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2865, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:07:33.0000 0996 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:07:33.0000 0996 Drive \Device\Harddisk2\DR7 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:33.0000 0996 \Device\Harddisk0\DR0:
19:07:33.0000 0996 MBR used
19:07:33.0000 0996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9EF5D1
19:07:33.0000 0996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9EF610, BlocksNum 0x8B29C30
19:07:33.0000 0996 \Device\Harddisk1\DR1:
19:07:33.0000 0996 MBR used
19:07:33.0000 0996 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6FC7C41
19:07:33.0000 0996 \Device\Harddisk2\DR7:
19:07:33.0000 0996 MBR used
19:07:33.0000 0996 \Device\Harddisk2\DR7\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x779080
19:07:33.0031 0996 Initialize success
19:07:33.0031 0996 ============================================================
19:07:35.0546 3232 ============================================================
19:07:35.0546 3232 Scan started
19:07:35.0546 3232 Mode: Manual;
19:07:35.0546 3232 ============================================================
19:07:56.0390 3232 kmixer - ok
19:07:56.0578 3232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:07:56.0578 3232 KSecDD - ok
19:07:56.0765 3232 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
19:07:56.0765 3232 L8042Kbd - ok
19:07:56.0953 3232 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
19:07:56.0953 3232 L8042mou - ok
19:07:57.0109 3232 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:07:57.0109 3232 lanmanserver - ok
19:07:57.0250 3232 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:07:57.0250 3232 lanmanworkstation - ok
19:07:57.0328 3232 lbrtfdc - ok
19:07:57.0421 3232 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
19:07:57.0437 3232 LHidKe - ok
19:07:57.0640 3232 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\WINDOWS\system32\lkcitdl.exe
19:07:57.0687 3232 LkCitadelServer - ok
19:07:57.0828 3232 lkClassAds (16a17d015c4576486ff39ee350035712) C:\WINDOWS\system32\lkads.exe
19:07:57.0828 3232 lkClassAds - ok
19:07:57.0953 3232 lkTimeSync (372099ecc46225acdc4b4e4010d70329) C:\WINDOWS\system32\lktsrv.exe
19:07:57.0953 3232 lkTimeSync - ok
19:07:58.0031 3232 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:07:58.0031 3232 LmHosts - ok
19:07:58.0171 3232 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
19:07:58.0171 3232 LMouKE - ok
19:07:58.0375 3232 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:07:58.0421 3232 ltmodem5 - ok
19:07:58.0609 3232 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:07:58.0640 3232 MDM - ok
19:07:58.0781 3232 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:07:58.0781 3232 Messenger - ok
19:07:58.0921 3232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:07:58.0921 3232 mnmdd - ok
19:07:59.0046 3232 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
19:07:59.0062 3232 mnmsrvc - ok
19:07:59.0218 3232 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:07:59.0218 3232 Modem - ok
19:07:59.0406 3232 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:07:59.0406 3232 MODEMCSA - ok
19:07:59.0593 3232 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:07:59.0593 3232 Mouclass - ok
19:07:59.0796 3232 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:07:59.0796 3232 mouhid - ok
19:08:00.0015 3232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:08:00.0015 3232 MountMgr - ok
19:08:00.0203 3232 mraid35x - ok
19:08:00.0343 3232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:08:00.0390 3232 MRxDAV - ok
19:08:00.0625 3232 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:08:00.0671 3232 MRxSmb - ok
19:08:00.0843 3232 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:08:00.0890 3232 MSCamSvc - ok
19:08:01.0015 3232 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
19:08:01.0031 3232 MSDTC - ok
19:08:01.0171 3232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:08:01.0171 3232 Msfs - ok
19:08:01.0359 3232 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\WINDOWS\system32\Drivers\nx6000.sys
19:08:01.0359 3232 MSHUSBVideo - ok
19:08:01.0468 3232 MSIServer - ok
19:08:01.0656 3232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:08:01.0656 3232 MSKSSRV - ok
19:08:01.0890 3232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:08:01.0890 3232 MSPCLOCK - ok
19:08:02.0078 3232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:08:02.0078 3232 MSPQM - ok
19:08:02.0250 3232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:08:02.0265 3232 mssmbios - ok
19:08:02.0421 3232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:08:02.0437 3232 MSTEE - ok
19:08:02.0609 3232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:08:02.0625 3232 Mup - ok
19:08:02.0812 3232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:08:02.0812 3232 NABTSFEC - ok
19:08:03.0015 3232 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:08:03.0031 3232 napagent - ok
19:08:03.0187 3232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:08:03.0218 3232 NDIS - ok
19:08:03.0421 3232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:08:03.0421 3232 NdisIP - ok
19:08:03.0609 3232 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:08:03.0625 3232 NdisTapi - ok
19:08:03.0703 3232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:08:03.0703 3232 Ndisuio - ok
19:08:03.0890 3232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:08:03.0890 3232 NdisWan - ok
19:08:04.0093 3232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:08:04.0093 3232 NDProxy - ok
19:08:04.0296 3232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:08:04.0328 3232 NetBIOS - ok
19:08:04.0593 3232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:08:04.0593 3232 NetBT - ok
19:08:04.0750 3232 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:08:04.0750 3232 NetDDE - ok
19:08:04.0765 3232 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:08:04.0765 3232 NetDDEdsdm - ok
19:08:04.0937 3232 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:04.0968 3232 Netlogon - ok
19:08:05.0578 3232 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:08:05.0640 3232 Netman - ok
19:08:05.0859 3232 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:05.0859 3232 NetTcpPortSharing - ok
19:08:06.0046 3232 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:08:06.0046 3232 NIC1394 - ok
19:08:06.0218 3232 NIDomainService (3b1439a956f872f36f0e8190f64ec9f9) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
19:08:06.0218 3232 NIDomainService - ok
19:08:06.0328 3232 niSvcLoc - ok
19:08:06.0468 3232 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:08:06.0484 3232 Nla - ok
19:08:06.0625 3232 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\DRIVERS\npf.sys
19:08:06.0625 3232 NPF - ok
19:08:06.0812 3232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:08:06.0812 3232 Npfs - ok
19:08:07.0031 3232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:08:07.0046 3232 Ntfs - ok
19:08:07.0203 3232 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
19:08:07.0203 3232 NtLmSsp - ok
19:08:07.0328 3232 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:08:07.0359 3232 NtmsSvc - ok
19:08:07.0484 3232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:08:07.0500 3232 Null - ok
19:08:07.0687 3232 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:08:07.0781 3232 nv - ok
19:08:07.0921 3232 NVSvc (26712cf8be48bc767854927435c0b6a9) C:\WINDOWS\System32\nvsvc32.exe
19:08:07.0921 3232 NVSvc - ok
19:08:08.0109 3232 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
19:08:08.0109 3232 nv_agp - ok
19:08:08.0234 3232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:08:08.0250 3232 NwlnkFlt - ok
19:08:08.0406 3232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:08:08.0406 3232 NwlnkFwd - ok
19:08:08.0593 3232 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:08:08.0593 3232 ohci1394 - ok
19:08:08.0750 3232 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:08.0750 3232 ose - ok
19:08:08.0921 3232 PalmUSBD - ok
19:08:09.0078 3232 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:08:09.0078 3232 Parport - ok
19:08:09.0265 3232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:09.0265 3232 PartMgr - ok
19:08:09.0468 3232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:09.0468 3232 ParVdm - ok
19:08:09.0656 3232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:09.0671 3232 PCI - ok
19:08:09.0812 3232 PCIDump - ok
19:08:09.0953 3232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:09.0953 3232 PCIIde - ok
19:08:10.0171 3232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:08:10.0171 3232 Pcmcia - ok
19:08:10.0328 3232 PDCOMP - ok
19:08:10.0421 3232 PDFRAME - ok
19:08:10.0500 3232 PDRELI - ok
19:08:10.0640 3232 PDRFRAME - ok
19:08:10.0687 3232 perc2 - ok
19:08:10.0765 3232 perc2hib - ok
19:08:10.0890 3232 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:08:10.0890 3232 PlugPlay - ok
19:08:10.0984 3232 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:10.0984 3232 PolicyAgent - ok
19:08:11.0109 3232 ppa3 (c740d0cb238670629af1b740414a8f3c) C:\WINDOWS\system32\DRIVERS\ppa3.sys
19:08:11.0109 3232 ppa3 - ok
19:08:11.0281 3232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:11.0281 3232 PptpMiniport - ok
19:08:11.0468 3232 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:08:11.0468 3232 Processor - ok
19:08:11.0609 3232 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:11.0609 3232 ProtectedStorage - ok
19:08:11.0750 3232 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:08:11.0750 3232 Ps2 - ok
19:08:11.0937 3232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:11.0937 3232 PSched - ok
19:08:12.0125 3232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:12.0125 3232 Ptilink - ok
19:08:12.0312 3232 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:08:12.0312 3232 PxHelp20 - ok
19:08:12.0468 3232 ql1080 - ok
19:08:12.0578 3232 Ql10wnt - ok
19:08:12.0640 3232 ql12160 - ok
19:08:12.0718 3232 ql1240 - ok
19:08:12.0750 3232 ql1280 - ok
19:08:12.0828 3232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:12.0828 3232 RasAcd - ok
19:08:12.0953 3232 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:08:12.0968 3232 RasAuto - ok
19:08:13.0093 3232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:13.0093 3232 Rasl2tp - ok
19:08:13.0250 3232 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:08:13.0265 3232 RasMan - ok
19:08:13.0421 3232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:13.0421 3232 RasPppoe - ok
19:08:13.0625 3232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:13.0625 3232 Raspti - ok
19:08:13.0843 3232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:13.0843 3232 Rdbss - ok
19:08:14.0015 3232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:14.0015 3232 RDPCDD - ok
19:08:14.0156 3232 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:14.0156 3232 RDPWD - ok
19:08:14.0328 3232 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:08:14.0328 3232 RDSessMgr - ok
19:08:14.0468 3232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:14.0468 3232 redbook - ok
19:08:14.0625 3232 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:08:14.0640 3232 RemoteAccess - ok
19:08:14.0734 3232 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
19:08:14.0750 3232 RpcLocator - ok
19:08:14.0859 3232 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:08:14.0875 3232 RpcSs - ok
19:08:14.0968 3232 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
19:08:14.0968 3232 RSVP - ok
19:08:15.0062 3232 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:08:15.0078 3232 rtl8139 - ok
19:08:15.0187 3232 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
19:08:15.0187 3232 S3Psddr - ok
19:08:15.0312 3232 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:08:15.0328 3232 SamSs - ok
19:08:15.0468 3232 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:08:15.0468 3232 SCardSvr - ok
19:08:15.0562 3232 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:08:15.0578 3232 Schedule - ok
19:08:15.0656 3232 SDDMI2 - ok
19:08:15.0843 3232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:15.0843 3232 Secdrv - ok
19:08:15.0968 3232 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:08:15.0968 3232 seclogon - ok
19:08:16.0046 3232 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:08:16.0046 3232 SENS - ok
19:08:16.0171 3232 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:08:16.0171 3232 Serenum - ok
19:08:16.0265 3232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:08:16.0265 3232 Serial - ok
19:08:16.0453 3232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:08:16.0453 3232 Sfloppy - ok
19:08:16.0578 3232 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:08:16.0609 3232 SharedAccess - ok
19:08:16.0718 3232 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:08:16.0718 3232 ShellHWDetection - ok
19:08:16.0843 3232 Simbad - ok
19:08:17.0031 3232 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
19:08:17.0062 3232 SiS315 - ok
19:08:17.0187 3232 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
19:08:17.0187 3232 SISAGP - ok
19:08:17.0250 3232 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
19:08:17.0250 3232 SiSkp - ok
19:08:17.0390 3232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:08:17.0390 3232 SLIP - ok
19:08:17.0546 3232 Sparrow - ok
19:08:17.0687 3232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:08:17.0687 3232 splitter - ok
19:08:17.0859 3232 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:08:17.0875 3232 Spooler - ok
19:08:18.0031 3232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:18.0031 3232 sr - ok
19:08:18.0234 3232 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:08:18.0265 3232 srservice - ok
19:08:18.0468 3232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:18.0515 3232 Srv - ok
19:08:18.0812 3232 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:08:18.0828 3232 SSDPSRV - ok
19:08:19.0015 3232 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:08:19.0078 3232 stisvc - ok
19:08:19.0265 3232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:08:19.0281 3232 streamip - ok
19:08:19.0421 3232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:19.0437 3232 swenum - ok
19:08:19.0531 3232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:08:19.0531 3232 swmidi - ok
19:08:19.0656 3232 SwPrv - ok
19:08:19.0812 3232 symc810 - ok
19:08:19.0890 3232 symc8xx - ok
19:08:19.0968 3232 sym_hi - ok
19:08:20.0046 3232 sym_u3 - ok
19:08:20.0171 3232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:20.0171 3232 sysaudio - ok
19:08:20.0328 3232 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:08:20.0328 3232 SysmonLog - ok
19:08:20.0453 3232 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:08:20.0468 3232 TapiSrv - ok
19:08:20.0656 3232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:20.0671 3232 Tcpip - ok
19:08:20.0875 3232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:20.0875 3232 TDPIPE - ok
19:08:21.0046 3232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:21.0046 3232 TDTCP - ok
19:08:21.0218 3232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:21.0234 3232 TermDD - ok
19:08:21.0406 3232 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:08:21.0421 3232 TermService - ok
19:08:21.0515 3232 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:08:21.0531 3232 Themes - ok
19:08:21.0671 3232 TosIde - ok
19:08:21.0781 3232 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:08:21.0796 3232 TrkWks - ok
19:08:21.0953 3232 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe
19:08:21.0968 3232 tvnserver - ok
19:08:22.0140 3232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:08:22.0156 3232 Udfs - ok
19:08:22.0250 3232 ultra - ok
19:08:22.0406 3232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:08:22.0437 3232 Update - ok
19:08:22.0578 3232 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:08:22.0593 3232 upnphost - ok
19:08:22.0671 3232 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:08:22.0687 3232 UPS - ok
19:08:22.0843 3232 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:08:22.0859 3232 USBAAPL - ok
19:08:23.0046 3232 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:08:23.0046 3232 usbaudio - ok
19:08:23.0218 3232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:23.0218 3232 usbccgp - ok
19:08:23.0406 3232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:23.0406 3232 usbehci - ok
19:08:23.0578 3232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:23.0578 3232 usbhub - ok
19:08:23.0781 3232 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:08:23.0781 3232 usbohci - ok
19:08:23.0921 3232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:08:23.0921 3232 usbprint - ok
19:08:24.0093 3232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:08:24.0093 3232 usbscan - ok
19:08:24.0281 3232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:24.0281 3232 USBSTOR - ok
19:08:24.0453 3232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:08:24.0453 3232 usbuhci - ok
19:08:24.0609 3232 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:08:24.0609 3232 usbvideo - ok
19:08:24.0812 3232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:08:24.0812 3232 VgaSave - ok
19:08:25.0000 3232 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:08:25.0000 3232 viaagp1 - ok
19:08:25.0109 3232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:08:25.0109 3232 ViaIde - ok
19:08:25.0296 3232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:25.0296 3232 VolSnap - ok
19:08:25.0453 3232 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:08:25.0468 3232 VSS - ok
19:08:25.0562 3232 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:08:25.0578 3232 W32Time - ok
19:08:25.0734 3232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:25.0734 3232 Wanarp - ok
19:08:25.0890 3232 WDICA - ok
19:08:26.0015 3232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:26.0031 3232 wdmaud - ok
19:08:26.0156 3232 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:08:26.0156 3232 WebClient - ok
19:08:26.0359 3232 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:26.0375 3232 winmgmt - ok
19:08:26.0546 3232 WmdmPmSN (f4db1f1417ff329e8ff217d5c474d5d7) C:\WINDOWS\system32\MsPMSNSv.dll
19:08:26.0562 3232 WmdmPmSN - ok
19:08:26.0750 3232 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:08:26.0750 3232 WmiApSrv - ok
19:08:26.0906 3232 WMPNetworkSvc (4f51f2688c51520211c3810c8548e639) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:08:26.0937 3232 WMPNetworkSvc - ok
19:08:27.0109 3232 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:08:27.0125 3232 WS2IFSL - ok
19:08:27.0265 3232 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:08:27.0265 3232 wscsvc - ok
19:08:27.0406 3232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:08:27.0406 3232 WSTCODEC - ok
19:08:27.0500 3232 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
19:08:27.0515 3232 WSWNA3100 - ok
19:08:27.0671 3232 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:08:27.0703 3232 wuauserv - ok
19:08:27.0953 3232 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:08:27.0953 3232 WudfPf - ok
19:08:28.0140 3232 WudfRd (e12d4c486d7eb4e0961c27558dc25af7) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:08:28.0140 3232 WudfRd - ok
19:08:28.0265 3232 WudfSvc (8a92b1f02571b634f50db35a934989f6) C:\WINDOWS\System32\WUDFSvc.dll
19:08:28.0281 3232 WudfSvc - ok
19:08:28.0406 3232 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:08:28.0437 3232 WZCSVC - ok
19:08:28.0562 3232 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:08:28.0578 3232 xmlprov - ok
19:08:28.0671 3232 ZipToA - ok
19:08:28.0843 3232 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
19:08:28.0843 3232 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:08:28.0968 3232 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
19:08:28.0984 3232 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:08:29.0000 3232 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
19:08:29.0031 3232 \Device\Harddisk0\DR0 - ok
19:08:29.0046 3232 MBR (0x1B8) (5e4f239959023602860d5896126e5c6f) \Device\Harddisk1\DR1
19:08:29.0078 3232 \Device\Harddisk1\DR1 - ok
19:08:29.0093 3232 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR7
19:08:30.0156 3232 \Device\Harddisk2\DR7 - ok
19:08:30.0171 3232 Boot (0x1200) (355054ca48ff4b101132681e5afaab2b) \Device\Harddisk0\DR0\Partition0
19:08:30.0171 3232 \Device\Harddisk0\DR0\Partition0 - ok
19:08:30.0187 3232 Boot (0x1200) (fa0019f6a43d553b1fb48e32b4eee518) \Device\Harddisk0\DR0\Partition1
19:08:30.0187 3232 \Device\Harddisk0\DR0\Partition1 - ok
19:08:30.0203 3232 Boot (0x1200) (d6655b44db37664fffd3c91cc5036e91) \Device\Harddisk1\DR1\Partition0
19:08:30.0203 3232 \Device\Harddisk1\DR1\Partition0 - ok
19:08:30.0218 3232 Boot (0x1200) (ddc62e70562b800be832ac26db9eb44f) \Device\Harddisk2\DR7\Partition0
19:08:30.0218 3232 \Device\Harddisk2\DR7\Partition0 - ok
19:08:30.0218 3232 ============================================================
19:08:30.0218 3232 Scan finished
19:08:30.0218 3232 ============================================================
19:08:30.0250 3068 Detected object count: 0
19:08:30.0250 3068 Actual detected object count: 0
19:11:28.0765 3364 ============================================================
19:11:28.0765 3364 Scan started
19:11:28.0765 3364 Mode: Manual;
19:11:28.0765 3364 ============================================================
19:11:37.0890 3364 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:11:37.0890 3364 Disk - ok
19:11:38.0000 3364 dmadmin - ok
19:11:38.0203 3364 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:11:38.0218 3364 dmboot - ok
19:11:38.0406 3364 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:11:38.0421 3364 dmio - ok
19:11:38.0593 3364 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:11:38.0593 3364 dmload - ok
19:11:38.0734 3364 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:11:38.0734 3364 dmserver - ok
19:11:38.0890 3364 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:11:38.0890 3364 DMusic - ok
19:11:39.0031 3364 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:11:39.0031 3364 Dnscache - ok
19:11:39.0171 3364 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:11:39.0171 3364 Dot3svc - ok
19:11:39.0265 3364 dpti2o - ok
19:11:39.0359 3364 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:11:39.0359 3364 drmkaud - ok
19:11:39.0515 3364 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:11:39.0515 3364 EapHost - ok
19:11:39.0625 3364 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:11:39.0625 3364 ERSvc - ok
19:11:39.0718 3364 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:11:39.0734 3364 Eventlog - ok
19:11:39.0828 3364 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
19:11:39.0843 3364 EventSystem - ok
19:11:39.0968 3364 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:11:39.0968 3364 Fastfat - ok
19:11:40.0125 3364 fasttx2k (6339aaf63240df0634902b98c0f56049) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
19:11:40.0140 3364 fasttx2k - ok
19:11:40.0234 3364 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:11:40.0250 3364 FastUserSwitchingCompatibility - ok
19:11:40.0406 3364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:11:40.0406 3364 Fdc - ok
19:11:40.0593 3364 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:11:40.0593 3364 Fips - ok
19:11:40.0765 3364 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:11:40.0765 3364 Flpydisk - ok
19:11:40.0968 3364 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:11:40.0968 3364 FltMgr - ok
19:11:41.0218 3364 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:11:41.0218 3364 FontCache3.0.0.0 - ok
19:11:41.0375 3364 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:11:41.0375 3364 Fs_Rec - ok
19:11:41.0453 3364 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:11:41.0453 3364 Ftdisk - ok
19:11:41.0625 3364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:11:41.0640 3364 GEARAspiWDM - ok
19:11:41.0828 3364 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:11:41.0828 3364 Gpc - ok
19:11:42.0031 3364 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
19:11:42.0031 3364 grmnusb - ok
19:11:42.0140 3364 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:11:42.0140 3364 helpsvc - ok
19:11:42.0265 3364 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:11:42.0265 3364 HidServ - ok
19:11:42.0437 3364 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:11:42.0437 3364 HidUsb - ok
19:11:42.0578 3364 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:11:42.0578 3364 hkmsvc - ok
19:11:42.0703 3364 hpn - ok
19:11:42.0812 3364 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:11:42.0828 3364 HTTP - ok
19:11:42.0968 3364 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:11:42.0968 3364 HTTPFilter - ok
19:11:43.0109 3364 i2omgmt - ok
19:11:43.0171 3364 i2omp - ok
19:11:43.0265 3364 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:11:43.0265 3364 i8042prt - ok
19:11:43.0500 3364 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:11:43.0500 3364 ialm - ok
19:11:43.0671 3364 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:11:43.0671 3364 IDriverT - ok
19:11:43.0859 3364 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:11:43.0875 3364 idsvc - ok
19:11:44.0062 3364 ifp800 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\Drivers\ifp800.sys
19:11:44.0062 3364 ifp800 - ok
19:11:44.0250 3364 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:11:44.0250 3364 Imapi - ok
19:11:44.0406 3364 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:11:44.0406 3364 ImapiService - ok
19:11:44.0546 3364 ini910u - ok
19:11:44.0656 3364 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
19:11:44.0656 3364 IntelIde - ok
19:11:44.0843 3364 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:11:44.0843 3364 intelppm - ok
19:11:44.0968 3364 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:11:44.0968 3364 ip6fw - ok
19:11:45.0140 3364 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:11:45.0140 3364 IpFilterDriver - ok
19:11:45.0343 3364 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:11:45.0343 3364 IpInIp - ok
19:11:45.0515 3364 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:11:45.0515 3364 IpNat - ok
19:11:45.0703 3364 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
19:11:45.0703 3364 iPod Service - ok
19:11:45.0890 3364 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:11:45.0890 3364 IPSec - ok
19:11:46.0078 3364 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:11:46.0078 3364 IRENUM - ok
19:11:46.0265 3364 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:11:46.0265 3364 isapnp - ok
19:11:46.0421 3364 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
19:11:46.0421 3364 JavaQuickStarterService - ok
19:11:46.0609 3364 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:11:46.0625 3364 Kbdclass - ok
19:11:46.0796 3364 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:11:46.0796 3364 kbdhid - ok
19:11:46.0937 3364 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:11:46.0937 3364 kmixer - ok
19:11:47.0140 3364 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:11:47.0140 3364 KSecDD - ok
19:11:47.0328 3364 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
19:11:47.0328 3364 L8042Kbd - ok
19:11:47.0515 3364 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
19:11:47.0515 3364 L8042mou - ok
19:11:47.0656 3364 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:11:47.0671 3364 lanmanserver - ok
19:11:47.0796 3364 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:11:47.0796 3364 lanmanworkstation - ok
19:11:47.0906 3364 lbrtfdc - ok
19:11:48.0000 3364 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
19:11:48.0000 3364 LHidKe - ok
19:11:48.0171 3364 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\WINDOWS\system32\lkcitdl.exe
19:11:48.0187 3364 LkCitadelServer - ok
19:11:48.0296 3364 lkClassAds (16a17d015c4576486ff39ee350035712) C:\WINDOWS\system32\lkads.exe
19:11:48.0296 3364 lkClassAds - ok
19:11:48.0359 3364 lkTimeSync (372099ecc46225acdc4b4e4010d70329) C:\WINDOWS\system32\lktsrv.exe
19:11:48.0359 3364 lkTimeSync - ok
19:11:48.0453 3364 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:11:48.0453 3364 LmHosts - ok
19:11:48.0609 3364 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
19:11:48.0609 3364 LMouKE - ok
19:11:48.0828 3364 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:11:48.0828 3364 ltmodem5 - ok
19:11:49.0046 3364 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:11:49.0046 3364 MDM - ok
19:11:49.0203 3364 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:11:49.0203 3364 Messenger - ok
19:11:49.0343 3364 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:11:49.0359 3364 mnmdd - ok
19:11:49.0484 3364 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
19:11:49.0484 3364 mnmsrvc - ok
19:11:49.0640 3364 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:11:49.0640 3364 Modem - ok
19:11:49.0828 3364 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:11:49.0828 3364 MODEMCSA - ok
19:11:50.0000 3364 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:11:50.0000 3364 Mouclass - ok
19:11:50.0203 3364 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:11:50.0203 3364 mouhid - ok
19:11:50.0390 3364 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:11:50.0390 3364 MountMgr - ok
19:11:50.0546 3364 mraid35x - ok
19:11:50.0671 3364 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:11:50.0671 3364 MRxDAV - ok
19:11:50.0890 3364 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:11:50.0906 3364 MRxSmb - ok
19:11:51.0031 3364 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:11:51.0031 3364 MSCamSvc - ok
19:11:51.0171 3364 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
19:11:51.0171 3364 MSDTC - ok
19:11:51.0343 3364 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:11:51.0343 3364 Msfs - ok
19:11:51.0531 3364 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\WINDOWS\system32\Drivers\nx6000.sys
19:11:51.0531 3364 MSHUSBVideo - ok
19:11:51.0640 3364 MSIServer - ok
19:11:51.0828 3364 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:11:51.0828 3364 MSKSSRV - ok
19:11:52.0000 3364 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:11:52.0000 3364 MSPCLOCK - ok
19:11:52.0187 3364 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:11:52.0187 3364 MSPQM - ok
19:11:52.0375 3364 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:11:52.0375 3364 mssmbios - ok
19:11:52.0562 3364 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:11:52.0562 3364 MSTEE - ok
19:11:52.0734 3364 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:11:52.0734 3364 Mup - ok
19:11:52.0937 3364 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:11:52.0937 3364 NABTSFEC - ok
19:11:53.0093 3364 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:11:53.0093 3364 napagent - ok
19:11:53.0250 3364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:11:53.0250 3364 NDIS - ok
19:11:53.0453 3364 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:11:53.0453 3364 NdisIP - ok
19:11:53.0625 3364 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:11:53.0625 3364 NdisTapi - ok
19:11:53.0703 3364 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:11:53.0703 3364 Ndisuio - ok
19:11:53.0906 3364 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:11:53.0906 3364 NdisWan - ok
19:11:54.0078 3364 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:11:54.0078 3364 NDProxy - ok
19:11:54.0265 3364 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:11:54.0265 3364 NetBIOS - ok
19:11:54.0453 3364 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:11:54.0453 3364 NetBT - ok
19:11:54.0609 3364 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:11:54.0609 3364 NetDDE - ok
19:11:54.0625 3364 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:11:54.0640 3364 NetDDEdsdm - ok
19:11:54.0750 3364 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:11:54.0750 3364 Netlogon - ok
19:11:54.0859 3364 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:11:54.0859 3364 Netman - ok
19:11:55.0000 3364 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:11:55.0000 3364 NetTcpPortSharing - ok
19:11:55.0171 3364 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:11:55.0187 3364 NIC1394 - ok
19:11:55.0343 3364 NIDomainService (3b1439a956f872f36f0e8190f64ec9f9) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
19:11:55.0343 3364 NIDomainService - ok
19:11:55.0453 3364 niSvcLoc - ok
19:11:55.0593 3364 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:11:55.0609 3364 Nla - ok
19:11:55.0750 3364 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\DRIVERS\npf.sys
19:11:55.0750 3364 NPF - ok
19:11:55.0937 3364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:11:55.0937 3364 Npfs - ok
19:11:56.0156 3364 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:11:56.0171 3364 Ntfs - ok
19:11:56.0312 3364 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
19:11:56.0312 3364 NtLmSsp - ok
19:11:56.0453 3364 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:11:56.0453 3364 NtmsSvc - ok
19:11:56.0562 3364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:11:56.0562 3364 Null - ok
19:11:56.0765 3364 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:11:56.0781 3364 nv - ok
19:11:56.0937 3364 NVSvc (26712cf8be48bc767854927435c0b6a9) C:\WINDOWS\System32\nvsvc32.exe
19:11:56.0937 3364 NVSvc - ok
19:11:57.0125 3364 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
19:11:57.0125 3364 nv_agp - ok
19:11:57.0250 3364 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:11:57.0250 3364 NwlnkFlt - ok
19:11:57.0468 3364 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:11:57.0468 3364 NwlnkFwd - ok
19:11:57.0750 3364 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:11:57.0750 3364 ohci1394 - ok
19:11:57.0968 3364 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:11:57.0968 3364 ose - ok
19:11:58.0218 3364 PalmUSBD - ok
19:11:58.0625 3364 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:11:58.0640 3364 Parport - ok
19:11:59.0250 3364 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:11:59.0250 3364 PartMgr - ok
19:11:59.0437 3364 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:11:59.0437 3364 ParVdm - ok
19:11:59.0625 3364 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:11:59.0625 3364 PCI - ok
19:11:59.0781 3364 PCIDump - ok
19:11:59.0921 3364 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:11:59.0921 3364 PCIIde - ok
19:12:00.0125 3364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:12:00.0140 3364 Pcmcia - ok
19:12:00.0312 3364 PDCOMP - ok
19:12:00.0406 3364 PDFRAME - ok
19:12:00.0468 3364 PDRELI - ok
19:12:00.0546 3364 PDRFRAME - ok
19:12:00.0609 3364 perc2 - ok
19:12:00.0671 3364 perc2hib - ok
19:12:00.0796 3364 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:12:00.0796 3364 PlugPlay - ok
19:12:00.0890 3364 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:12:00.0890 3364 PolicyAgent - ok
19:12:01.0015 3364 ppa3 (c740d0cb238670629af1b740414a8f3c) C:\WINDOWS\system32\DRIVERS\ppa3.sys
19:12:01.0031 3364 ppa3 - ok
19:12:01.0203 3364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:12:01.0203 3364 PptpMiniport - ok
19:12:01.0390 3364 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:12:01.0390 3364 Processor - ok
19:12:01.0531 3364 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:12:01.0531 3364 ProtectedStorage - ok
19:12:01.0703 3364 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:12:01.0703 3364 Ps2 - ok
19:12:01.0890 3364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:12:01.0890 3364 PSched - ok
19:12:02.0078 3364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:12:02.0078 3364 Ptilink - ok
19:12:02.0250 3364 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:12:02.0250 3364 PxHelp20 - ok
19:12:02.0406 3364 ql1080 - ok
19:12:02.0500 3364 Ql10wnt - ok
19:12:02.0562 3364 ql12160 - ok
19:12:02.0625 3364 ql1240 - ok
19:12:02.0671 3364 ql1280 - ok
19:12:02.0750 3364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:12:02.0765 3364 RasAcd - ok
19:12:02.0890 3364 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:12:02.0890 3364 RasAuto - ok
19:12:03.0015 3364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:12:03.0015 3364 Rasl2tp - ok
19:12:03.0171 3364 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:12:03.0187 3364 RasMan - ok
19:12:03.0343 3364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:12:03.0343 3364 RasPppoe - ok
19:12:03.0531 3364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:12:03.0531 3364 Raspti - ok
19:12:03.0734 3364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:12:03.0734 3364 Rdbss - ok
19:12:03.0890 3364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:12:03.0906 3364 RDPCDD - ok
19:12:04.0031 3364 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:12:04.0031 3364 RDPWD - ok
19:12:04.0203 3364 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:12:04.0203 3364 RDSessMgr - ok
19:12:04.0484 3364 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:12:04.0484 3364 redbook - ok
19:12:04.0828 3364 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:12:04.0828 3364 RemoteAccess - ok
19:12:05.0171 3364 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
19:12:05.0171 3364 RpcLocator - ok
19:12:05.0312 3364 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:12:05.0312 3364 RpcSs - ok
19:12:05.0406 3364 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
19:12:05.0406 3364 RSVP - ok
19:12:05.0500 3364 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:12:05.0515 3364 rtl8139 - ok
19:12:05.0640 3364 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
19:12:05.0640 3364 S3Psddr - ok
19:12:05.0765 3364 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:12:05.0765 3364 SamSs - ok
19:12:05.0906 3364 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:12:05.0921 3364 SCardSvr - ok
19:12:06.0015 3364 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:12:06.0015 3364 Schedule - ok
19:12:06.0078 3364 SDDMI2 - ok
19:12:06.0218 3364 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:12:06.0218 3364 Secdrv - ok
19:12:06.0359 3364 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:12:06.0375 3364 seclogon - ok
19:12:06.0437 3364 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:12:06.0453 3364 SENS - ok
19:12:06.0562 3364 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:12:06.0578 3364 Serenum - ok
19:12:06.0656 3364 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:12:06.0671 3364 Serial - ok
19:12:06.0843 3364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:12:06.0843 3364 Sfloppy - ok
19:12:06.0984 3364 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:12:07.0000 3364 SharedAccess - ok
19:12:07.0140 3364 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:12:07.0140 3364 ShellHWDetection - ok
19:12:07.0250 3364 Simbad - ok
19:12:07.0359 3364 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
19:12:07.0359 3364 SiS315 - ok
19:12:07.0468 3364 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
19:12:07.0468 3364 SISAGP - ok
19:12:07.0546 3364 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
19:12:07.0546 3364 SiSkp - ok
19:12:07.0687 3364 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:12:07.0703 3364 SLIP - ok
19:12:07.0843 3364 Sparrow - ok
19:12:07.0984 3364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:12:07.0984 3364 splitter - ok
19:12:08.0125 3364 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:12:08.0140 3364 Spooler - ok
19:12:08.0312 3364 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:12:08.0312 3364 sr - ok
19:12:08.0453 3364 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:12:08.0468 3364 srservice - ok
19:12:08.0640 3364 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:12:08.0656 3364 Srv - ok
19:12:08.0781 3364 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:12:08.0796 3364 SSDPSRV - ok
19:12:08.0937 3364 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:12:08.0953 3364 stisvc - ok
19:12:09.0078 3364 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:12:09.0078 3364 streamip - ok
19:12:09.0250 3364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:12:09.0250 3364 swenum - ok
19:12:09.0343 3364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:12:09.0343 3364 swmidi - ok
19:12:09.0468 3364 SwPrv - ok
19:12:09.0578 3364 symc810 - ok
19:12:09.0671 3364 symc8xx - ok
19:12:09.0750 3364 sym_hi - ok
19:12:09.0812 3364 sym_u3 - ok
19:12:09.0937 3364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:12:09.0937 3364 sysaudio - ok
19:12:10.0093 3364 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:12:10.0093 3364 SysmonLog - ok
19:12:10.0203 3364 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:12:10.0203 3364 TapiSrv - ok
19:12:10.0359 3364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:12:10.0375 3364 Tcpip - ok
19:12:10.0562 3364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:12:10.0562 3364 TDPIPE - ok
19:12:10.0750 3364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:12:10.0750 3364 TDTCP - ok
19:12:10.0906 3364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:12:10.0906 3364 TermDD - ok
19:12:11.0062 3364 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:12:11.0062 3364 TermService - ok
19:12:11.0203 3364 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:12:11.0203 3364 Themes - ok
19:12:11.0312 3364 TosIde - ok
19:12:11.0406 3364 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:12:11.0421 3364 TrkWks - ok
19:12:11.0578 3364 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe
19:12:11.0578 3364 tvnserver - ok
19:12:11.0781 3364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:12:11.0781 3364 Udfs - ok
19:12:11.0921 3364 ultra - ok
19:12:12.0078 3364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:12:12.0078 3364 Update - ok
19:12:12.0218 3364 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:12:12.0218 3364 upnphost - ok
19:12:12.0343 3364 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:12:12.0343 3364 UPS - ok
19:12:12.0468 3364 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:12:12.0468 3364 USBAAPL - ok
19:12:12.0656 3364 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:12:12.0656 3364 usbaudio - ok
19:12:12.0828 3364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:12:12.0828 3364 usbccgp - ok
19:12:13.0015 3364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:12:13.0015 3364 usbehci - ok
19:12:13.0203 3364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:12:13.0203 3364 usbhub - ok
19:12:13.0375 3364 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:12:13.0375 3364 usbohci - ok
19:12:13.0531 3364 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:12:13.0531 3364 usbprint - ok
19:12:13.0703 3364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:12:13.0703 3364 usbscan - ok
19:12:13.0875 3364 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:12:13.0875 3364 USBSTOR - ok
19:12:14.0031 3364 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:12:14.0046 3364 usbuhci - ok
19:12:14.0187 3364 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:12:14.0187 3364 usbvideo - ok
19:12:14.0375 3364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:12:14.0375 3364 VgaSave - ok
19:12:14.0546 3364 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:12:14.0562 3364 viaagp1 - ok
19:12:14.0671 3364 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:12:19.0546 3364 ============================================================
19:12:19.0546 3364 Scan finished
19:12:19.0546 3364 ============================================================
19:12:19.0578 3900 Detected object count: 0
19:12:19.0578 3900 Actual detected object count: 0





- - - - -
aswMBRac

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-22 20:47:05
-----------------------------
20:47:05.765 OS Version: Windows 5.1.2600 Service Pack 3
20:47:05.765 Number of processors: 2 586 0x209
20:47:05.765 ComputerName: COMPAQ UserName: Owner
20:47:06.156 Initialize success
20:56:34.875 AVAST engine download error: 0
20:56:49.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:56:49.906 Disk 0 Vendor: SAMSUNG_SV0802N TP100-23 Size: 76351MB BusType: 3
20:56:49.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:56:49.906 Disk 1 Vendor: WDC_WD600BB-00CAA1 17.07W17 Size: 57241MB BusType: 3
20:56:49.937 Disk 0 MBR read successfully
20:56:49.937 Disk 0 MBR scan
20:56:49.937 Disk 0 unknown MBR code
20:56:49.937 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5086 MB offset 63
20:56:49.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71251 MB offset 10417680
20:56:49.953 Disk 0 scanning sectors +156340800
20:56:50.062 Disk 0 scanning C:\WINDOWS\system32\drivers
20:57:02.234 Service scanning
20:57:41.015 Modules scanning
20:58:06.359 Disk 0 trace - called modules:
20:58:06.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:58:06.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2ceab8]
20:58:06.390 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a29e3b8]
20:58:06.390 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a2b3d98]
20:58:06.406 Scan finished successfully
20:59:07.953 Disk 0 MBR has been saved successfully to "H:\aswMBR\MBR.dat"
20:59:10.125 The log file has been saved successfully to "H:\aswMBR\aswMBR.txt"






- - - - -
FSS

Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 23-03-2012 at 19:39:06
Running from "C:\Documents and Settings\Owner\Desktop\Farbar Service Scanner"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(268435456) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000000000010050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


Let me know what else I need to do. Thanks, Gringo!

#12 gringo_pr

Posted 23 March 2012 - 08:37 PM

Greetings

quick launch - http://www.xp-tips.com/enable-quick-launch.html

background - Have you tried to change it?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
File::
c:\documents and settings\All Users\Application Data\EoZwLZJTJabXmv.exe
c:\documents and settings\All Users\Application Data\IkEJJmteVRTh.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 GreyhoundGuy

Posted 23 March 2012 - 10:17 PM

quick launch - http://www.xp-tips.com/enable-quick-launch.html

That worked. Thanks.

background - Have you tried to change it?

Nope. I thought it would revert back to normal. I tried to change it and... voila! That's a big DUH to me!

NOTE: I had to disable Avast 4.8 in order to run ComboFix. Is this normal?

NOTE2: After running ComboFix, my system automatically restarted. I'm assuming this is normal.


- - - - -
CFScript

ComboFix 12-03-22.01 - Owner 03/23/2012 21:43:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.637 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\ComboFix\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 120323-2] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Application Data\EoZwLZJTJabXmv.exe"
"c:\documents and settings\All Users\Application Data\IkEJJmteVRTh.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 02:27 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 02:27 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-23 23:54 . 2010-02-03 16:21 499712 ----a-w- c:\windows\system32\msvc9e49.rra
2012-03-23 23:54 . 2010-02-03 16:21 348160 ----a-w- c:\windows\system32\msvc9f52.rra
2012-03-23 23:54 . 2010-02-03 16:21 89088 ----a-w- c:\windows\system32\ATL79a32.rra
2012-03-23 23:54 . 2010-02-03 16:21 1060864 ----a-w- c:\windows\system32\MFC79d20.rra
2012-03-19 03:09 . 2012-03-19 03:09 356864 ----a-w- c:\documents and settings\All Users\Application Data\EoZwLZJTJabXmv.exe
2012-03-18 16:14 . 2012-03-18 16:14 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 16:14 . 2012-03-18 16:14 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 15:11 . 2012-03-17 15:11 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-03-17 00:24 . 2012-03-17 00:27 -------- d-----w- c:\program files\iTunes
2012-03-15 15:41 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-15 15:41 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-02 00:21 . 2012-03-02 00:21 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-03-02 00:21 . 2012-03-02 00:21 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 03:28 . 2011-11-06 18:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2003-08-08 17:32 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2003-08-08 17:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2007-07-25 00:03 . 2007-07-25 00:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2012-03-18 16:14 . 2012-02-17 17:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 07:56 60416 --sha-w- c:\windows\BricoPacks\SysFiles\84_MSIMN.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"iRiver Updater"="c:\program files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster Silver 17\Remind.exe [2006-2-22 344064]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\HOTSYNC.EXE [N/A]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-27 450560]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-1-20 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/23/2012 9:27 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2012 9:27 PM 20560]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8/3/2011 8:23 AM 828944]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [1/20/2012 11:35 PM 642432]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/21/2012 8:53 PM 30576]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [1/20/2012 11:35 PM 285152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://vpn.laketravis.txed.net/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lvc8ae98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-23 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
.
**************************************************************************
.
Completion time: 2012-03-23 22:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 03:13
ComboFix2.txt 2012-03-23 00:04
.
Pre-Run: 4,556,689,408 bytes free
Post-Run: 4,645,752,832 bytes free
.
- - End Of File - - 9E5B7847CA51FB1B5F3378A8D5AC206D

#14 gringo_pr

Posted 23 March 2012 - 10:37 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java™ 6 Update 2
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 GreyhoundGuy

Posted 25 March 2012 - 06:24 PM

I had to uninstall and reinstall the NetGear software for the wireless Internet adapter. That went fine.

I uninstalled all the programs you listed and everything went smoothly. I haven't yet installed Adobe Reader or Java. I figured I'd do that after I post here.

In looking over the logs, it looks like I picked up some search bar junk for IE (http://srch-qus9.hpwis.com). Not sure what it is, but I did a search on BC and saw it referenced in a couple spots.


- - - - -
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:31 PM, on 3/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Silver 17\Remind.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} (CSD ActiveX Installer) - https://vpn.laketravis.txed.net/CACHE/sdesktop/install/binaries/instweb.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 8882 bytes



- - - - -
MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: COMPAQ [administrator]

3/25/2012 5:29:37 PM
mbam-log-2012-03-25 (17-29-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240735
Time elapsed: 16 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\EoZwLZJTJabXmv.exe (Trojan.FakeAlert) -> Delete on reboot.

(end)



How Is The Computer?
Everything seems to be working well again. I can't see anything that is causing problems, and the computer seems to be acting normal again.

Like I said, though, I seem to have picked up some search bar junk for IE (http://srch-qus9.hpwis.com/).

-Joel



