Virus or Hacker?


16 replies to this topic

#1 xRileyx

Posted 29 March 2012 - 01:08 AM

My computer has been moving really slow. I've only installed updates and haven't downloaded any large files, so I can't understand why it's working so slowly. Also, in windows media player music will start to play on its own. The last time something like that happened on a different computer, it was because I got hacked. I'm afraid it might've happened again.

Need help determining if my computer has been hacked, as I don't know how to find out that information.

Thanks in advance.



#2 boopme

Posted 29 March 2012 - 10:01 AM

Hello and welcome. This may be malware. Please run a few tools.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
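The following is an added example, not part of any post in this thread and not MiniToolBox's own code: a Python triage of the "IE Proxy Settings" and "Hosts content" sections of a Result.txt, the two items in the checklist above that most directly show traffic being redirected. The function names are hypothetical, the sample input is constructed in the layout of the log posted later in this thread, and the example.com/example.net hosts entries are made up.

```python
import ipaddress
import re

# Section headers in Result.txt look like: "===== Hosts content: ====="
SECTION_RE = re.compile(r"^=+\s+(\S.*?)\s+=+\s*$")

# Status lines the log in this thread shows when no IE proxy is configured.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}

# Constructed sample (not real tool output). The last two hosts entries
# are invented to show what a finding looks like.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 av-updates.example.com
203.0.113.7 login.example.net

========================= IP Configuration: ================================
"""


def split_sections(text):
    """Map each '==== Title: ====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).rstrip(":").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def proxy_findings(lines):
    """Return lines that are neither a clean status line nor the tool's
    own '"Reset ...": ...' confirmation; anything else needs a human look."""
    return [
        line for line in lines
        if line and line not in CLEAN_PROXY_LINES
        and not line.startswith('"Reset ')
    ]


def hosts_findings(lines):
    """Flag every hosts mapping other than loopback -> localhost.

    'blocked'    : name pinned to loopback or 0.0.0.0 (lookups go nowhere)
    'redirected' : name pinned to some other address
    'malformed'  : entry that is not '<ip> <name>...'
    """
    findings = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        addr, *names = entry.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("malformed", entry, ""))
            continue
        if not names:
            findings.append(("malformed", entry, ""))
            continue
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # the default entries shown in the posted log
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append(("blocked" if sinkholed else "redirected", name, addr))
    return findings


def triage(result_text):
    """Run both checks over a whole Result.txt and return the findings."""
    sections = split_sections(result_text)
    return {
        "proxy": proxy_findings(sections.get("IE Proxy Settings", [])),
        "hosts": hosts_findings(sections.get("Hosts content", [])),
    }


if __name__ == "__main__":
    for area, items in triage(SAMPLE_RESULT).items():
        print(area, items if items else "nothing to review")
```

A Result.txt whose Hosts section holds only the two localhost lines, as in the log posted in this thread, yields no hosts findings.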

#3 xRileyx

Posted 29 March 2012 - 06:57 PM

Okay here are all the reports. Oddly everything seems fine, but I'll let you be the judge.

MiniToolBox by Farbar Version: 18-01-2012
Ran by KSand (administrator) on 29-03-2012 at 18:13:23
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KSand-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-23-4E-4B-2F-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:c842:2889:cc94:31b3:a293:b0c9(Preferred)
Temporary IPv6 Address. . . . . . : 2602:306:c842:2889:e8cd:cf61:409e:ff1c(Preferred)
Link-local IPv6 Address . . . . . : fe80::cc94:31b3:a293:b0c9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.250(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 29, 2012 6:05:28 PM
Lease Expires . . . . . . . . . . : Friday, March 30, 2012 6:05:28 PM
Default Gateway . . . . . . . . . : fe80::7644:1ff:fe0e:1458%12
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 201335630
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-AF-8E-9B-00-23-AE-01-68-0A
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-AE-01-68-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2FBE7FC8-D48B-41E3-8499-CE53EE0918C2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3ccb:928:3f57:fe05(Preferred)
Link-local IPv6 Address . . . . . : fe80::3ccb:928:3f57:fe05%10(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{BCAA673A-E380-4FB3-A235-495A6E84E1C1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslrouter
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.100
74.125.227.101
74.125.227.102
74.125.227.103
74.125.227.104
74.125.227.105
74.125.227.110
74.125.227.96
74.125.227.97
74.125.227.98
74.125.227.99



Pinging google.com [74.125.227.99] with 32 bytes of data:

Reply from 74.125.227.99: bytes=32 time=47ms TTL=47

Reply from 74.125.227.99: bytes=32 time=48ms TTL=47



Ping statistics for 74.125.227.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 48ms, Average = 47ms

Server: dslrouter
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=47ms TTL=46

Reply from 209.191.122.70: bytes=32 time=47ms TTL=46



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 47ms, Average = 47ms

Server: dslrouter
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 23 4e 4b 2f 7f ...... Dell Wireless 1395 WLAN Mini-Card
11 ...00 23 ae 01 68 0a ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{2FBE7FC8-D48B-41E3-8499-CE53EE0918C2}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
14 ...00 00 00 00 00 00 00 e0 isatap.{BCAA673A-E380-4FB3-A235-495A6E84E1C1}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.250 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.250 281
192.168.1.250 255.255.255.255 On-link 192.168.1.250 281
192.168.1.255 255.255.255.255 On-link 192.168.1.250 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.250 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.250 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::7644:1ff:fe0e:1458
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:3ccb:928:3f57:fe05/128
On-link
12 33 2602:306:c842:2889::/64 On-link
12 281 2602:306:c842:2889:cc94:31b3:a293:b0c9/128
On-link
12 281 2602:306:c842:2889:e8cd:cf61:409e:ff1c/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::3ccb:928:3f57:fe05/128
On-link
12 281 fe80::cc94:31b3:a293:b0c9/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/29/2012 06:06:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10203230

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10203230

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10201608

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10201608

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10198690

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10198690

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/29/2012 06:06:04 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/29/2012 01:04:03 AM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/29/2012 01:03:20 AM) (Source: DCOM) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/28/2012 11:55:04 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/27/2012 10:58:07 PM) (Source: Service Control Manager) (User: )
Description: 30000STacSV

Error: (03/27/2012 11:01:55 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/26/2012 05:33:24 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (03/26/2012 02:00:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/25/2012 10:40:03 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/24/2012 07:27:39 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (03/29/2012 06:06:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10203230

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10203230

Error: (03/29/2012 06:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10201608

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10201608

Error: (03/29/2012 06:03:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10198690

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10198690

Error: (03/29/2012 06:03:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Any Video Converter 3.2.7
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
att.net Internet Mail
att.net Toolbar
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Dell-eBay (Version: 1.00.0000)
Dell Best of Web (Version: 1.00.0000)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
Dell Touchpad (Version: 7.1.103.4)
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
Digital Line Detect (Version: 1.21)
EDocs
Geek Squad 24 Hour Computer Support (Version: 2.1.322)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 17.0.963.83)
Google Desktop (Version: -)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
GoToAssist 8.0.0.514
IMVU Avatar Chat Software
IMVU Inc Toolbar (Version: 6.8.5.1)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
MediaDirect (Version: 3.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
NetWaiting (Version: 2.5.53)
OutlookAddinSetup (Version: 1.0.0)
OverDrive Media Console (Version: 3.2.10)
QuickSet (Version: 8.2.20)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Veoh Giraffic Video Accelerator (Version: 0.86.192.230)
Veoh Web Player (Version: 1.1.2.0000)
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3061.31 MB
Available physical RAM: 1574.1 MB
Total Pagefile: 6340.81 MB
Available Pagefile: 4525.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.02 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:136.74 GB) (Free:86.62 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.76 GB) NTFS

========================= Users: ========================================

User accounts for \\KSAND-PC

Administrator Guest K Sand


**** End of log ****

_______________________________________________-


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
K Sand :: KSAND-PC [administrator]

3/29/2012 6:23:42 PM
mbam-log-2012-03-29 (18-23-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222720
Time elapsed: 1 hour(s), 4 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


_____________________________________________________--


19:31:39.0071 4120 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:31:40.0171 4120 ============================================================
19:31:40.0172 4120 Current date / time: 2012/03/29 19:31:40.0171
19:31:40.0172 4120 SystemInfo:
19:31:40.0172 4120
19:31:40.0172 4120 OS Version: 6.0.6002 ServicePack: 2.0
19:31:40.0172 4120 Product type: Workstation
19:31:40.0172 4120 ComputerName: KSAND-PC
19:31:40.0173 4120 UserName: K Sand
19:31:40.0173 4120 Windows directory: C:\Windows
19:31:40.0173 4120 System windows directory: C:\Windows
19:31:40.0173 4120 Processor architecture: Intel x86
19:31:40.0173 4120 Number of processors: 2
19:31:40.0173 4120 Page size: 0x1000
19:31:40.0173 4120 Boot type: Normal boot
19:31:40.0173 4120 ============================================================
19:31:40.0877 4120 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:31:40.0882 4120 \Device\Harddisk0\DR0:
19:31:40.0882 4120 MBR used
19:31:40.0882 4120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
19:31:40.0882 4120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1117D6A8
19:31:40.0978 4120 Initialize success
19:31:40.0978 4120 ============================================================
19:32:15.0256 3052 ============================================================
19:32:15.0256 3052 Scan started
19:32:15.0256 3052 Mode: Manual;
19:32:15.0257 3052 ============================================================
19:32:20.0505 3052 BrSerWdm - ok
19:32:20.0524 3052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:32:20.0527 3052 BrUsbMdm - ok
19:32:20.0548 3052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:32:20.0551 3052 BrUsbSer - ok
19:32:20.0595 3052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:32:20.0598 3052 BTHMODEM - ok
19:32:20.0661 3052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:32:20.0664 3052 cdfs - ok
19:32:20.0720 3052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:32:20.0722 3052 cdrom - ok
19:32:20.0802 3052 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:32:20.0805 3052 CertPropSvc - ok
19:32:20.0844 3052 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:32:20.0846 3052 circlass - ok
19:32:20.0888 3052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:32:20.0893 3052 CLFS - ok
19:32:20.0983 3052 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:32:20.0987 3052 clr_optimization_v2.0.50727_32 - ok
19:32:21.0051 3052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:32:21.0065 3052 clr_optimization_v4.0.30319_32 - ok
19:32:21.0184 3052 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:32:21.0188 3052 CmBatt - ok
19:32:21.0219 3052 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:32:21.0223 3052 cmdide - ok
19:32:21.0235 3052 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:32:21.0241 3052 Compbatt - ok
19:32:21.0251 3052 COMSysApp - ok
19:32:21.0288 3052 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:32:21.0291 3052 crcdisk - ok
19:32:21.0317 3052 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:32:21.0319 3052 Crusoe - ok
19:32:21.0390 3052 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:32:21.0405 3052 CryptSvc - ok
19:32:21.0471 3052 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:32:21.0494 3052 DcomLaunch - ok
19:32:21.0542 3052 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:32:21.0546 3052 DfsC - ok
19:32:21.0707 3052 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:32:21.0733 3052 DFSR - ok
19:32:21.0875 3052 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:32:21.0891 3052 Dhcp - ok
19:32:21.0997 3052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:32:22.0000 3052 disk - ok
19:32:22.0093 3052 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:32:22.0107 3052 Dnscache - ok
19:32:22.0198 3052 DockLoginService (13511564cac5a005255765e322c16967) C:\Program Files\Dell\DellDock\DockLogin.exe
19:32:22.0242 3052 DockLoginService - ok
19:32:22.0322 3052 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:32:22.0326 3052 dot3svc - ok
19:32:22.0398 3052 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:32:22.0409 3052 DPS - ok
19:32:22.0479 3052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:32:22.0483 3052 drmkaud - ok
19:32:22.0545 3052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:32:22.0555 3052 DXGKrnl - ok
19:32:22.0632 3052 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:32:22.0636 3052 e1express - ok
19:32:22.0667 3052 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:32:22.0670 3052 E1G60 - ok
19:32:22.0728 3052 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:32:22.0739 3052 EapHost - ok
19:32:22.0818 3052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:32:22.0822 3052 Ecache - ok
19:32:22.0886 3052 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:32:22.0908 3052 ehRecvr - ok
19:32:22.0921 3052 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:32:22.0926 3052 ehSched - ok
19:32:22.0940 3052 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:32:22.0951 3052 ehstart - ok
19:32:23.0051 3052 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:32:23.0057 3052 elxstor - ok
19:32:23.0131 3052 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:32:23.0153 3052 EMDMgmt - ok
19:32:23.0181 3052 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:32:23.0184 3052 ErrDev - ok
19:32:23.0233 3052 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:32:23.0267 3052 EventSystem - ok
19:32:23.0363 3052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:32:23.0367 3052 exfat - ok
19:32:23.0395 3052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:32:23.0399 3052 fastfat - ok
19:32:23.0501 3052 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:32:23.0503 3052 fdc - ok
19:32:23.0545 3052 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:32:23.0555 3052 fdPHost - ok
19:32:23.0569 3052 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:32:23.0581 3052 FDResPub - ok
19:32:23.0630 3052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:32:23.0633 3052 FileInfo - ok
19:32:23.0656 3052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:32:23.0658 3052 Filetrace - ok
19:32:23.0683 3052 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:32:23.0686 3052 flpydisk - ok
19:32:23.0731 3052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:32:23.0736 3052 FltMgr - ok
19:32:23.0860 3052 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:32:23.0872 3052 FontCache - ok
19:32:23.0968 3052 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:32:23.0972 3052 FontCache3.0.0.0 - ok
19:32:24.0044 3052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:32:24.0048 3052 Fs_Rec - ok
19:32:24.0075 3052 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:32:24.0078 3052 gagp30kx - ok
19:32:24.0115 3052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:32:24.0120 3052 GEARAspiWDM - ok
19:32:24.0223 3052 Giraffic - ok
19:32:24.0300 3052 GoogleDesktopManager-010708-104812 (ff0e0e6e5768b82bead44bfbcb9bdfe6) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
19:32:24.0306 3052 GoogleDesktopManager-010708-104812 - ok
19:32:24.0373 3052 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
19:32:24.0384 3052 GoToAssist - ok
19:32:24.0487 3052 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:32:24.0507 3052 gpsvc - ok
19:32:24.0606 3052 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:32:24.0615 3052 gusvc - ok
19:32:24.0720 3052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:32:24.0728 3052 HDAudBus - ok
19:32:24.0769 3052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:32:24.0772 3052 HidBth - ok
19:32:24.0801 3052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:32:24.0803 3052 HidIr - ok
19:32:24.0841 3052 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:32:24.0845 3052 hidserv - ok
19:32:24.0889 3052 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
19:32:24.0892 3052 HidUsb - ok
19:32:24.0933 3052 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:32:24.0939 3052 hkmsvc - ok
19:32:24.0963 3052 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:32:24.0965 3052 HpCISSs - ok
19:32:25.0054 3052 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:32:25.0069 3052 HSF_DPV - ok
19:32:25.0103 3052 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:32:25.0109 3052 HSXHWAZL - ok
19:32:25.0167 3052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:32:25.0176 3052 HTTP - ok
19:32:25.0235 3052 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:32:25.0238 3052 i2omp - ok
19:32:25.0357 3052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:32:25.0360 3052 i8042prt - ok
19:32:25.0470 3052 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
19:32:25.0480 3052 IAANTMON - ok
19:32:25.0590 3052 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
19:32:25.0597 3052 iaStor - ok
19:32:25.0669 3052 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:32:25.0674 3052 iaStorV - ok
19:32:25.0789 3052 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:32:25.0833 3052 idsvc - ok
19:32:25.0975 3052 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:32:26.0006 3052 igfx - ok
19:32:26.0040 3052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:32:26.0043 3052 iirsp - ok
19:32:26.0090 3052 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:32:26.0109 3052 IKEEXT - ok
19:32:26.0241 3052 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
19:32:26.0246 3052 IntcHdmiAddService - ok
19:32:26.0278 3052 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
19:32:26.0280 3052 intelide - ok
19:32:26.0299 3052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:32:26.0304 3052 intelppm - ok
19:32:26.0347 3052 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:32:26.0352 3052 IPBusEnum - ok
19:32:26.0409 3052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:32:26.0413 3052 IpFilterDriver - ok
19:32:26.0456 3052 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:32:26.0473 3052 iphlpsvc - ok
19:32:26.0509 3052 IpInIp - ok
19:32:26.0553 3052 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:32:26.0557 3052 IPMIDRV - ok
19:32:26.0591 3052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:32:26.0595 3052 IPNAT - ok
19:32:26.0687 3052 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
19:32:26.0719 3052 iPod Service - ok
19:32:26.0815 3052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:32:26.0818 3052 IRENUM - ok
19:32:26.0863 3052 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:32:26.0866 3052 isapnp - ok
19:32:26.0950 3052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:32:26.0956 3052 iScsiPrt - ok
19:32:26.0997 3052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:32:27.0000 3052 iteatapi - ok
19:32:27.0035 3052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:32:27.0038 3052 iteraid - ok
19:32:27.0062 3052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:27.0065 3052 kbdclass - ok
19:32:27.0147 3052 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
19:32:27.0150 3052 kbdhid - ok
19:32:27.0208 3052 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:32:27.0227 3052 KeyIso - ok
19:32:27.0401 3052 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
19:32:27.0404 3052 KL1 - ok
19:32:27.0433 3052 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
19:32:27.0435 3052 kl2 - ok
19:32:27.0506 3052 klif (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
19:32:27.0515 3052 klif - ok
19:32:27.0718 3052 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
19:32:27.0720 3052 KLIM6 - ok
19:32:27.0752 3052 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
19:32:27.0754 3052 klmouflt - ok
19:32:27.0805 3052 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:32:27.0812 3052 KSecDD - ok
19:32:27.0891 3052 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:32:27.0906 3052 KtmRm - ok
19:32:27.0948 3052 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:32:27.0957 3052 LanmanServer - ok
19:32:28.0008 3052 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:32:28.0028 3052 LanmanWorkstation - ok
19:32:28.0079 3052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:32:28.0083 3052 lltdio - ok
19:32:28.0167 3052 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:32:28.0174 3052 lltdsvc - ok
19:32:28.0218 3052 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:32:28.0240 3052 lmhosts - ok
19:32:28.0311 3052 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:32:28.0315 3052 LSI_FC - ok
19:32:28.0351 3052 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:32:28.0354 3052 LSI_SAS - ok
19:32:28.0473 3052 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:32:28.0476 3052 LSI_SCSI - ok
19:32:28.0530 3052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:32:28.0533 3052 luafv - ok
19:32:28.0615 3052 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
19:32:28.0624 3052 McciCMService - ok
19:32:28.0719 3052 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:32:28.0737 3052 McComponentHostService - ok
19:32:28.0824 3052 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:32:28.0835 3052 Mcx2Svc - ok
19:32:28.0918 3052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:32:28.0922 3052 mdmxsdk - ok
19:32:28.0965 3052 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:32:28.0967 3052 megasas - ok
19:32:29.0005 3052 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:32:29.0012 3052 MegaSR - ok
19:32:29.0051 3052 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:32:29.0064 3052 MMCSS - ok
19:32:29.0092 3052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:32:29.0096 3052 Modem - ok
19:32:29.0120 3052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:32:29.0122 3052 monitor - ok
19:32:29.0143 3052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:32:29.0145 3052 mouclass - ok
19:32:29.0171 3052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:32:29.0174 3052 mouhid - ok
19:32:29.0199 3052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:32:29.0202 3052 MountMgr - ok
19:32:29.0256 3052 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:32:29.0259 3052 mpio - ok
19:32:29.0309 3052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:32:29.0313 3052 mpsdrv - ok
19:32:29.0360 3052 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:32:29.0380 3052 MpsSvc - ok
19:32:29.0436 3052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:32:29.0440 3052 Mraid35x - ok
19:32:29.0494 3052 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:32:29.0497 3052 MREMP50 - ok
19:32:29.0502 3052 MREMPR5 - ok
19:32:29.0509 3052 MRENDIS5 - ok
19:32:29.0560 3052 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:32:29.0564 3052 MRESP50 - ok
19:32:29.0644 3052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:32:29.0647 3052 MRxDAV - ok
19:32:29.0681 3052 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:29.0689 3052 mrxsmb - ok
19:32:29.0722 3052 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:29.0728 3052 mrxsmb10 - ok
19:32:29.0745 3052 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:29.0750 3052 mrxsmb20 - ok
19:32:29.0800 3052 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:32:29.0802 3052 msahci - ok
19:32:29.0832 3052 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:32:29.0836 3052 msdsm - ok
19:32:29.0876 3052 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:32:29.0882 3052 MSDTC - ok
19:32:29.0940 3052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:32:29.0943 3052 Msfs - ok
19:32:29.0967 3052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:32:29.0970 3052 msisadrv - ok
19:32:30.0019 3052 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:32:30.0024 3052 MSiSCSI - ok
19:32:30.0034 3052 msiserver - ok
19:32:30.0062 3052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:32:30.0065 3052 MSKSSRV - ok
19:32:30.0090 3052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:30.0093 3052 MSPCLOCK - ok
19:32:30.0115 3052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:32:30.0119 3052 MSPQM - ok
19:32:30.0190 3052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:32:30.0194 3052 MsRPC - ok
19:32:30.0226 3052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:32:30.0230 3052 mssmbios - ok
19:32:30.0273 3052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:32:30.0275 3052 MSTEE - ok
19:32:30.0295 3052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:32:30.0298 3052 Mup - ok
19:32:30.0345 3052 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:32:30.0365 3052 napagent - ok
19:32:30.0446 3052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:32:30.0450 3052 NativeWifiP - ok
19:32:30.0521 3052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:32:30.0529 3052 NDIS - ok
19:32:30.0596 3052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:30.0599 3052 NdisTapi - ok
19:32:30.0639 3052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:30.0642 3052 Ndisuio - ok
19:32:30.0693 3052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:30.0696 3052 NdisWan - ok
19:32:30.0751 3052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:32:30.0754 3052 NDProxy - ok
19:32:30.0802 3052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:32:30.0805 3052 NetBIOS - ok
19:32:30.0860 3052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:32:30.0864 3052 netbt - ok
19:32:30.0910 3052 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:32:30.0925 3052 Netlogon - ok
19:32:30.0975 3052 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:32:30.0990 3052 Netman - ok
19:32:31.0035 3052 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:32:31.0047 3052 netprofm - ok
19:32:31.0109 3052 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:32:31.0113 3052 NetTcpPortSharing - ok
19:32:31.0188 3052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:32:31.0191 3052 nfrd960 - ok
19:32:31.0240 3052 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:32:31.0253 3052 NlaSvc - ok
19:32:31.0321 3052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:32:31.0324 3052 Npfs - ok
19:32:31.0359 3052 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:32:31.0366 3052 nsi - ok
19:32:31.0395 3052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:32:31.0398 3052 nsiproxy - ok
19:32:31.0466 3052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:32:31.0482 3052 Ntfs - ok
19:32:31.0561 3052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:32:31.0563 3052 ntrigdigi - ok
19:32:31.0589 3052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:32:31.0592 3052 Null - ok
19:32:31.0628 3052 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:32:31.0631 3052 nvraid - ok
19:32:31.0660 3052 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:32:31.0662 3052 nvstor - ok
19:32:31.0727 3052 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:32:31.0730 3052 nv_agp - ok
19:32:31.0743 3052 NwlnkFlt - ok
19:32:31.0764 3052 NwlnkFwd - ok
19:32:31.0803 3052 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:32:31.0806 3052 ohci1394 - ok
19:32:31.0855 3052 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:32:31.0868 3052 p2pimsvc - ok
19:32:31.0900 3052 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:32:31.0912 3052 p2psvc - ok
19:32:31.0953 3052 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:32:31.0957 3052 Parport - ok
19:32:32.0014 3052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:32:32.0016 3052 partmgr - ok
19:32:32.0041 3052 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:32:32.0043 3052 Parvdm - ok
19:32:32.0079 3052 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:32:32.0092 3052 PcaSvc - ok
19:32:32.0148 3052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:32:32.0151 3052 pci - ok
19:32:32.0206 3052 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:32:32.0208 3052 pciide - ok
19:32:32.0267 3052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:32:32.0271 3052 pcmcia - ok
19:32:32.0351 3052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:32:32.0365 3052 PEAUTH - ok
19:32:32.0449 3052 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:32:32.0473 3052 pla - ok
19:32:32.0515 3052 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:32:32.0534 3052 PlugPlay - ok
19:32:32.0598 3052 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:32:32.0610 3052 PNRPAutoReg - ok
19:32:32.0643 3052 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:32:32.0655 3052 PNRPsvc - ok
19:32:32.0712 3052 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:32:32.0719 3052 PolicyAgent - ok
19:32:32.0788 3052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:32:32.0791 3052 PptpMiniport - ok
19:32:32.0831 3052 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:32:32.0833 3052 Processor - ok
19:32:32.0880 3052 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:32:32.0903 3052 ProfSvc - ok
19:32:32.0939 3052 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:32:32.0953 3052 ProtectedStorage - ok
19:32:32.0993 3052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:32:32.0996 3052 PSched - ok
19:32:33.0051 3052 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:32:33.0063 3052 PxHelp20 - ok
19:32:33.0189 3052 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:32:33.0205 3052 ql2300 - ok
19:32:33.0234 3052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:32:33.0237 3052 ql40xx - ok
19:32:33.0275 3052 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:32:33.0284 3052 QWAVE - ok
19:32:33.0350 3052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:32:33.0353 3052 QWAVEdrv - ok
19:32:33.0446 3052 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:33.0474 3052 R300 - ok
19:32:33.0537 3052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:32:33.0540 3052 RasAcd - ok
19:32:33.0581 3052 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:32:33.0588 3052 RasAuto - ok
19:32:33.0628 3052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:33.0631 3052 Rasl2tp - ok
19:32:33.0670 3052 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:32:33.0688 3052 RasMan - ok
19:32:33.0737 3052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:33.0739 3052 RasPppoe - ok
19:32:33.0820 3052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:32:33.0823 3052 RasSstp - ok
19:32:33.0876 3052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:32:33.0880 3052 rdbss - ok
19:32:33.0906 3052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:33.0909 3052 RDPCDD - ok
19:32:33.0949 3052 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:32:33.0955 3052 rdpdr - ok
19:32:33.0967 3052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:32:33.0970 3052 RDPENCDD - ok
19:32:34.0025 3052 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:32:34.0030 3052 RDPWD - ok
19:32:34.0090 3052 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:32:34.0096 3052 RemoteAccess - ok
19:32:34.0139 3052 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:32:34.0146 3052 RemoteRegistry - ok
19:32:42.0717 3052 ============================================================
19:32:42.0717 3052 Scan finished
19:32:42.0717 3052 ============================================================
19:32:42.0721 5536 Detected object count: 0
19:32:42.0721 5536 Actual detected object count: 0

#4 boopme


Posted 29 March 2012 - 08:14 PM

It does look pretty good. You may have a bootkit.
I only saw an exploitable Java entry. Old Javas can be entry points for malware.
Remove this and reboot: Java™ 6 Update 7 (Version: 1.6.0.70)


The music issue may be a Bootkit.

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.


#5 xRileyx


Posted 29 March 2012 - 09:05 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`73800000
Boot sector MD5 is: fe5642739ba66ba18c128543669678a2

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
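
Added example, not part of the original thread and not code from any tool mentioned in it: one way to inspect a master boot sector dump of the kind the output above suggests taking, by hashing the 0x1B8-byte boot-code area, checking the 0x55AA signature and decoding the partition table. It assumes the dump file holds the raw 512-byte sector; the function names, the sample sector and the allowlist are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8     # boot-code area of a classic MBR (440 bytes)
DISK_SIG_OFF = 0x1B8      # 4-byte disk signature follows the boot code
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # last two bytes of a valid boot sector


def parse_mbr(sector):
    """Break a 512-byte MBR dump into hashes, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        # Entry layout: status, CHS start, type, CHS end, LBA start, sector count
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * index)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        # MD5 is used only because the tools in this thread report MD5 values.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def review_mbr(sector, known_good_md5):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    # An unlisted hash is not proof of infection: OEM recovery loaders and
    # third-party boot managers also replace the stock boot code.
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code hash not in allowlist: " + info["boot_code_md5"])
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status 0x%02x"
                            % (p["index"], p["status"]))
    return findings


def build_sample_mbr():
    """Constructed sample sector (not taken from the thread)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:4] = b"\xfa\x33\xc0\x8e"                    # filler boot-code bytes
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = {parse_mbr(sample)["boot_code_md5"]}     # constructed allowlist
    print("clean sample:", review_mbr(sample, baseline))
    tampered = bytearray(sample)
    tampered[10] ^= 0xFF                                # one changed boot-code byte
    print("tampered sample:", review_mbr(bytes(tampered), baseline))
```

For a real dump, read the file with `open(path, "rb").read(512)` and pass in an allowlist of boot-code hashes recorded from known-clean installs of the same Windows version.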

#6 boopme


Posted 30 March 2012 - 09:09 AM

OK, as I suspected, it's there.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.
Include the Bootkit report above.

Let me know if that went well.

#7 xRileyx


Posted 30 March 2012 - 01:57 PM

I'm having issues completing the steps. I can't download DDS. Every time I click on the 'download now' button nothing happens.

#8 boopme


Posted 30 March 2012 - 02:14 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#9 xRileyx


Posted 03 April 2012 - 04:56 PM

Just finished getting rid of the bootkit and my computer is in great shape.

I wasn't sure if you'd need me to do anything else in this thread, so if not is it okay if I delete minitoolbox and bootkit remover? Oh, and the ones I needed for bootkit removal as well: aswMBR, ESET and ListParts?

#10 boopme


Posted 03 April 2012 - 07:10 PM

Hello, glad to hear it. You can remove all the tools. I did not ask for these yet: ESET and ListParts.

But I would like to run the ESET scanner after that bootkit removal to catch any remnants.
Also, in Control Panel >> Remove programs, you need to remove this: Java™ 6 Update 7 (Version: 1.6.0.70)
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#11 xRileyx


Posted 03 April 2012 - 10:37 PM

Okey doke. I removed the Java Update and finished the ESET scan. It didn't find anything so there was no log.

Edited by xRileyx, 03 April 2012 - 10:37 PM.


#12 boopme


Posted 04 April 2012 - 09:47 AM

Thanks, I'd say you are good to go then.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 xRileyx


Posted 04 April 2012 - 02:31 PM

I did the bootkit scan again and it showed the same information. Do I need to uninstall and reinstall the program before scanning again or is my computer still infected?

Edited by xRileyx, 04 April 2012 - 02:55 PM.


#14 boopme


Posted 04 April 2012 - 08:12 PM

If it showed again I think it best you post the new topic as suggested in post 6. If there's a protected malware file we need to see it and get it.

#15 xRileyx


Posted 04 April 2012 - 08:25 PM

Okay, I'll do that. Thanks.



