
Google Redirect


16 replies to this topic

#1 LittleCaterpillar


Posted 30 April 2012 - 04:22 PM

Hi :) Just found you via Mozilla and since this website is easily the best I've seen help-wise I thought I'd beg you for help before going to my local not-terribly-helpful computer shop - would anyone mind helping me please?

For some reason I'm now getting redirected every time I use Google search. If I ask a question, the search will take a long time (even though on Google it still says the search took 0.5 seconds or whatever). The search results all get redirected, occasionally to dodgy sites Firefox stops for me or to other websites like Bing.

I've run MSE, Malwarebytes and Superantispyware, all of which were downloaded before this problem started - nothing. Everything's dandy according to them.

I don't know if this is connected to the other problem I'm having with a Windows update that refuses to finish, or if it's a hanger-on from being infected with the Smart HDD virus a few weeks ago (that was professionally removed for me). I've also noticed that I appear to be unable to start in Safe Mode, if I'm going about it in the right way.

I run Windows 7 and only use Mozilla Firefox 12.0. All my plugins are up to date, bar Google Earth. I do have IE 9 but I have never used it. I know other people have had this same problem but all were slightly different to my set-up and the topics didn't seem to suggest someone else joining them would be particularly helpful. I hope starting a new topic was the right thing to do.

Thank you for any help you can give me.

LittleCaterpillar



#2 narenxp


Posted 30 April 2012 - 04:32 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here
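
Added example, not part of the original thread and not code from any poster or from the tool's vendor: a small Python triage script for a saved TDSSKiller scan log. It pairs each "name (md5) path" line with the "name - verdict" line that follows it and reports every entry whose verdict is not "ok", plus entries logged without a hash or path. The sample log, its names and hashes, and the verdict string "flagged" are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm <thread id>", then the message.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(.*)$")
# Scanned object: "<service or driver name> (<md5>) <image path>"
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# Verdict for the object: "<name> - <verdict>"
VERDICT_RE = re.compile(r"^(.+) - (\S+)$")

# Constructed sample in the layout of a scan log (values are not real).
SAMPLE_LOG = r"""
23:12:49.0117 3352 Drive \Device\Harddisk0\DR0 - Size: 0x0
23:13:09.0851 3672 ============================================================
23:13:09.0851 3672 Scan started
23:13:09.0851 3672 Mode: Manual; TDLFS;
23:13:09.0851 3672 ============================================================
23:13:11.0304 3672 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
23:13:11.0304 3672 ExampleDrv - ok
23:13:11.0400 3672 Example Service (00000000000000000000000000000002) C:\Program Files\Example\svc.exe
23:13:11.0400 3672 Example Service - ok
23:13:11.0500 3672 NoImageSvc - ok
23:13:11.0600 3672 OddDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\odddrv.sys
23:13:11.0600 3672 OddDrv - flagged
"""


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(log_text: str) -> List[Entry]:
    """Return one Entry per verdict line found after 'Scan started'."""
    entries: List[Entry] = []
    pending = {}      # name -> (md5, path), waiting for its verdict line
    in_scan = False   # header lines before the scan are ignored
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        obj = OBJECT_RE.match(body)
        if obj:
            pending[obj.group(1)] = (obj.group(2), obj.group(3))
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            md5, path = pending.pop(ver.group(1), (None, None))
            entries.append(Entry(ver.group(1), ver.group(2), md5, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """List (name, reason) for entries a helper should look at first."""
    findings = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict '{e.verdict}'"))
        elif e.md5 is None:
            findings.append((e.name, "no image hash or path logged"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```
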

#3 LittleCaterpillar


Posted 30 April 2012 - 04:47 PM

Thanks for the fast answer. I clicked on the link for TDSSkiller and downloaded it but it's refusing to launch. Am I missing a step?

#4 narenxp


Posted 30 April 2012 - 04:59 PM

Download

FIXTDSS

Launch it. It may ask for restart, reboot the PC

On reboot click on repair

Now run tdsskiller and aswmbr

good luck

#5 LittleCaterpillar


Posted 30 April 2012 - 05:17 PM

Hi,

Thanks again - I downloaded FIXTDSS and ran it and it did work although after it rebooted MSE woke up and told me about an Alureon trojan it had isolated. It's been quarantined and removed.

I then ran TDSSkiller but I'm not sure where/how to find the log on my C drive? Would you mind telling me how to find it and whether you'd like me to post the log first before running aswMBR?

EDIT: I think I just found it, my apologies. Should I go ahead and run aswMBR, or wait until you've seen the log?






23:12:47.0273 3352 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
23:12:47.0429 3352 ============================================================
23:12:47.0429 3352 Current date / time: 2012/04/30 23:12:47.0429
23:12:47.0429 3352 SystemInfo:
23:12:47.0429 3352
23:12:47.0429 3352 OS Version: 6.1.7601 ServicePack: 1.0
23:12:47.0429 3352 Product type: Workstation
23:12:47.0429 3352 ComputerName: LAURA-PC
23:12:47.0429 3352 UserName: Laura
23:12:47.0429 3352 Windows directory: C:\Windows
23:12:47.0429 3352 System windows directory: C:\Windows
23:12:47.0429 3352 Processor architecture: Intel x86
23:12:47.0429 3352 Number of processors: 2
23:12:47.0429 3352 Page size: 0x1000
23:12:47.0429 3352 Boot type: Normal boot
23:12:47.0429 3352 ============================================================
23:12:49.0117 3352 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:12:49.0132 3352 ============================================================
23:12:49.0132 3352 \Device\Harddisk0\DR0:
23:12:49.0148 3352 MBR partitions:
23:12:49.0148 3352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x8507EDB
23:12:49.0148 3352 ============================================================
23:12:49.0179 3352 C: <-> \Device\Harddisk0\DR0\Partition0
23:12:49.0179 3352 ============================================================
23:12:49.0179 3352 Initialize success
23:12:49.0179 3352 ============================================================
23:13:09.0851 3672 ============================================================
23:13:09.0851 3672 Scan started
23:13:09.0851 3672 Mode: Manual; TDLFS;
23:13:09.0851 3672 ============================================================
23:13:25.0226 3672 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:13:25.0226 3672 Netlogon - ok
23:13:25.0289 3672 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:13:25.0320 3672 Netman - ok
23:13:25.0367 3672 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:13:25.0382 3672 netprofm - ok
23:13:25.0492 3672 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:13:25.0507 3672 NetTcpPortSharing - ok
23:13:25.0554 3672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:13:25.0554 3672 nfrd960 - ok
23:13:25.0617 3672 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:13:25.0617 3672 NisDrv - ok
23:13:25.0757 3672 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:13:25.0773 3672 NisSrv - ok
23:13:25.0835 3672 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:13:25.0851 3672 NlaSvc - ok
23:13:25.0882 3672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:13:25.0882 3672 Npfs - ok
23:13:25.0914 3672 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:13:25.0914 3672 nsi - ok
23:13:25.0945 3672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:13:25.0960 3672 nsiproxy - ok
23:13:26.0054 3672 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:13:26.0148 3672 Ntfs - ok
23:13:26.0164 3672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:13:26.0164 3672 Null - ok
23:13:26.0210 3672 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:13:26.0226 3672 nvraid - ok
23:13:26.0242 3672 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:13:26.0257 3672 nvstor - ok
23:13:26.0273 3672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:13:26.0289 3672 nv_agp - ok
23:13:26.0398 3672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:13:26.0429 3672 odserv - ok
23:13:26.0445 3672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:13:26.0445 3672 ohci1394 - ok
23:13:26.0476 3672 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:13:26.0492 3672 ose - ok
23:13:26.0539 3672 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:13:26.0554 3672 p2pimsvc - ok
23:13:26.0601 3672 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:13:26.0617 3672 p2psvc - ok
23:13:26.0695 3672 PAC7311 (2085d5168fc0c56bb13304d180d244b6) C:\Windows\system32\DRIVERS\PA707UCM.SYS
23:13:26.0695 3672 PAC7311 - ok
23:13:26.0773 3672 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
23:13:26.0773 3672 PACSPTISVR - ok
23:13:26.0867 3672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:13:26.0867 3672 Parport - ok
23:13:26.0914 3672 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:13:26.0914 3672 partmgr - ok
23:13:26.0945 3672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:13:26.0960 3672 Parvdm - ok
23:13:26.0992 3672 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:13:27.0007 3672 PcaSvc - ok
23:13:27.0039 3672 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:13:27.0039 3672 pci - ok
23:13:27.0070 3672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:13:27.0085 3672 pciide - ok
23:13:27.0117 3672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:13:27.0148 3672 pcmcia - ok
23:13:27.0179 3672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:13:27.0179 3672 pcw - ok
23:13:27.0226 3672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:13:27.0257 3672 PEAUTH - ok
23:13:27.0382 3672 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:13:27.0445 3672 pla - ok
23:13:27.0601 3672 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:13:27.0632 3672 PlugPlay - ok
23:13:27.0789 3672 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\Windows\system32\HPZipm12.dll
23:13:27.0789 3672 Pml Driver HPZ12 - ok
23:13:27.0851 3672 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:13:27.0851 3672 PNRPAutoReg - ok
23:13:27.0882 3672 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:13:27.0898 3672 PNRPsvc - ok
23:13:27.0945 3672 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:13:27.0960 3672 PolicyAgent - ok
23:13:27.0992 3672 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:13:28.0007 3672 Power - ok
23:13:28.0070 3672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:13:28.0070 3672 PptpMiniport - ok
23:13:28.0117 3672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:13:28.0117 3672 Processor - ok
23:13:28.0164 3672 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
23:13:28.0179 3672 ProfSvc - ok
23:13:28.0195 3672 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:13:28.0210 3672 ProtectedStorage - ok
23:13:28.0242 3672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:13:28.0242 3672 Psched - ok
23:13:28.0289 3672 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
23:13:28.0304 3672 PxHelp20 - ok
23:13:28.0382 3672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:13:28.0445 3672 ql2300 - ok
23:13:28.0585 3672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:13:28.0601 3672 ql40xx - ok
23:13:28.0664 3672 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:13:28.0679 3672 QWAVE - ok
23:13:28.0789 3672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:13:28.0789 3672 QWAVEdrv - ok
23:13:28.0851 3672 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys
23:13:28.0929 3672 RapportBuka - ok
23:13:29.0132 3672 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
23:13:29.0132 3672 RapportCerberus_34302 - ok
23:13:29.0242 3672 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
23:13:29.0257 3672 RapportEI - ok
23:13:29.0367 3672 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
23:13:29.0367 3672 RapportIaso - ok
23:13:29.0398 3672 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
23:13:29.0414 3672 RapportKELL - ok
23:13:29.0476 3672 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
23:13:29.0507 3672 RapportMgmtService - ok
23:13:29.0554 3672 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
23:13:29.0554 3672 RapportPG - ok
23:13:29.0601 3672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:13:29.0601 3672 RasAcd - ok
23:13:29.0664 3672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:13:29.0664 3672 RasAgileVpn - ok
23:13:29.0710 3672 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:13:29.0710 3672 RasAuto - ok
23:13:29.0726 3672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:13:29.0742 3672 Rasl2tp - ok
23:13:29.0789 3672 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:13:29.0804 3672 RasMan - ok
23:13:29.0835 3672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:13:29.0851 3672 RasPppoe - ok
23:13:29.0867 3672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:13:29.0867 3672 RasSstp - ok
23:13:29.0945 3672 rcp_service (b694467b0325267c8eabf04a71d53d99) C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
23:13:30.0023 3672 rcp_service - ok
23:13:30.0085 3672 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:13:30.0101 3672 rdbss - ok
23:13:30.0117 3672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:13:30.0117 3672 rdpbus - ok
23:13:30.0164 3672 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:13:30.0164 3672 RDPCDD - ok
23:13:30.0195 3672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:13:30.0210 3672 RDPENCDD - ok
23:13:30.0226 3672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:13:30.0242 3672 RDPREFMP - ok
23:13:30.0273 3672 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
23:13:30.0289 3672 RDPWD - ok
23:13:30.0335 3672 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:13:30.0351 3672 rdyboost - ok
23:13:30.0398 3672 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:13:30.0398 3672 RemoteAccess - ok
23:13:30.0429 3672 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:13:30.0445 3672 RemoteRegistry - ok
23:13:30.0476 3672 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:13:30.0476 3672 RpcEptMapper - ok
23:13:30.0523 3672 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:13:30.0523 3672 RpcLocator - ok
23:13:30.0570 3672 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:13:30.0570 3672 RpcSs - ok
23:13:30.0617 3672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:13:30.0632 3672 rspndr - ok
23:13:30.0695 3672 rt61x86 (e70dab50dc67d4037a612384d649313f) C:\Windows\system32\DRIVERS\netr61.sys
23:13:30.0695 3672 rt61x86 - ok
23:13:30.0773 3672 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:13:30.0773 3672 RTL8023xp - ok
23:13:30.0820 3672 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:13:30.0820 3672 SamSs - ok
23:13:30.0929 3672 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:13:30.0929 3672 SASDIFSV - ok
23:13:30.0960 3672 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:13:30.0960 3672 SASKUTIL - ok
23:13:31.0007 3672 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:13:31.0023 3672 sbp2port - ok
23:13:31.0070 3672 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:13:31.0085 3672 SCardSvr - ok
23:13:31.0117 3672 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\Windows\system32\drivers\SCDEmu.sys
23:13:31.0117 3672 SCDEmu - ok
23:13:31.0164 3672 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:13:31.0164 3672 scfilter - ok
23:13:31.0226 3672 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
23:13:31.0273 3672 Schedule - ok
23:13:31.0304 3672 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:13:31.0320 3672 SCPolicySvc - ok
23:13:31.0351 3672 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
23:13:31.0367 3672 SDRSVC - ok
23:13:31.0398 3672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:13:31.0398 3672 secdrv - ok
23:13:31.0429 3672 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:13:31.0429 3672 seclogon - ok
23:13:31.0476 3672 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
23:13:31.0476 3672 SENS - ok
23:13:31.0523 3672 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:13:31.0523 3672 SensrSvc - ok
23:13:31.0539 3672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:13:31.0539 3672 Serenum - ok
23:13:31.0601 3672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:13:31.0601 3672 Serial - ok
23:13:31.0648 3672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:13:31.0648 3672 sermouse - ok
23:13:31.0710 3672 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
23:13:31.0726 3672 SessionEnv - ok
23:13:31.0804 3672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:13:31.0804 3672 sffdisk - ok
23:13:31.0835 3672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:13:31.0835 3672 sffp_mmc - ok
23:13:31.0867 3672 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:13:31.0867 3672 sffp_sd - ok
23:13:31.0898 3672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:13:31.0898 3672 sfloppy - ok
23:13:31.0945 3672 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:13:31.0960 3672 SharedAccess - ok
23:13:32.0007 3672 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
23:13:32.0023 3672 ShellHWDetection - ok
23:13:32.0070 3672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:13:32.0070 3672 sisagp - ok
23:13:32.0101 3672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:13:32.0101 3672 SiSRaid2 - ok
23:13:32.0132 3672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:13:32.0132 3672 SiSRaid4 - ok
23:13:32.0164 3672 SMARTMouseFilterx86 (ffcedfdf9e123486ded53ff73eeba02a) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
23:13:32.0195 3672 SMARTMouseFilterx86 - ok
23:13:32.0242 3672 SMARTVHidMini2000x86 (472e7760e72df206d4051d4ab2fbbb56) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
23:13:32.0273 3672 SMARTVHidMini2000x86 - ok
23:13:32.0304 3672 SMARTVTabletPCx86 (0cf4104ee62c129bf27a29d719bc7806) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
23:13:32.0351 3672 SMARTVTabletPCx86 - ok
23:13:32.0382 3672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:13:32.0382 3672 Smb - ok
23:13:32.0445 3672 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:13:32.0445 3672 SNMPTRAP - ok
23:13:32.0476 3672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:13:32.0492 3672 spldr - ok
23:13:32.0539 3672 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
23:13:32.0554 3672 Spooler - ok
23:13:32.0742 3672 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
23:13:32.0929 3672 sppsvc - ok
23:13:33.0117 3672 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
23:13:33.0148 3672 sppuinotify - ok
23:13:33.0304 3672 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
23:13:33.0320 3672 SPTISRV - ok
23:13:33.0585 3672 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:13:33.0601 3672 srv - ok
23:13:33.0648 3672 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:13:33.0664 3672 srv2 - ok
23:13:33.0695 3672 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:13:33.0710 3672 srvnet - ok
23:13:33.0742 3672 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
23:13:33.0757 3672 ssadbus - ok
23:13:33.0773 3672 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:13:33.0789 3672 ssadmdfl - ok
23:13:33.0820 3672 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
23:13:33.0835 3672 ssadmdm - ok
23:13:33.0882 3672 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys
23:13:33.0882 3672 ssadserd - ok
23:13:33.0929 3672 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:13:33.0929 3672 SSDPSRV - ok
23:13:33.0945 3672 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:13:33.0960 3672 SstpSvc - ok
23:13:34.0007 3672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:13:34.0007 3672 stexstor - ok
23:13:34.0054 3672 STI Simulator (ed78dfad8efcdfbc89500492c4d14645) C:\Windows\System32\PAStiSvc.exe
23:13:34.0054 3672 STI Simulator - ok
23:13:34.0085 3672 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
23:13:34.0101 3672 StillCam - ok
23:13:34.0148 3672 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:13:34.0179 3672 StiSvc - ok
23:13:34.0226 3672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:13:34.0226 3672 swenum - ok
23:13:34.0289 3672 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:13:34.0382 3672 swprv - ok
23:13:34.0429 3672 SynTP (2d2c815364a878c7e358d5f549711197) C:\Windows\system32\DRIVERS\SynTP.sys
23:13:34.0429 3672 SynTP - ok
23:13:34.0523 3672 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:13:34.0585 3672 SysMain - ok
23:13:34.0632 3672 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:13:34.0632 3672 TabletInputService - ok
23:13:34.0695 3672 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:13:34.0710 3672 TapiSrv - ok
23:13:34.0804 3672 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:13:34.0820 3672 TBS - ok
23:13:34.0960 3672 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:13:35.0007 3672 Tcpip - ok
23:13:35.0054 3672 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:13:35.0054 3672 TCPIP6 - ok
23:13:35.0101 3672 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:13:35.0101 3672 tcpipreg - ok
23:13:35.0164 3672 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:13:35.0164 3672 TDPIPE - ok
23:13:35.0195 3672 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
23:13:35.0195 3672 TDTCP - ok
23:13:35.0226 3672 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:13:35.0226 3672 tdx - ok
23:13:35.0257 3672 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:13:35.0257 3672 TermDD - ok
23:13:35.0335 3672 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
23:13:35.0367 3672 TermService - ok
23:13:35.0398 3672 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:13:35.0398 3672 Themes - ok
23:13:35.0445 3672 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:13:35.0445 3672 THREADORDER - ok
23:13:35.0492 3672 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:13:35.0492 3672 TrkWks - ok
23:13:35.0554 3672 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:13:35.0585 3672 TrustedInstaller - ok
23:13:35.0617 3672 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:13:35.0617 3672 tssecsrv - ok
23:13:35.0664 3672 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:13:35.0664 3672 TsUsbFlt - ok
23:13:35.0742 3672 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:13:35.0742 3672 tunnel - ok
23:13:35.0773 3672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:13:35.0789 3672 uagp35 - ok
23:13:35.0867 3672 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:13:35.0898 3672 udfs - ok
23:13:35.0945 3672 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:13:35.0960 3672 UI0Detect - ok
23:13:35.0992 3672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:13:35.0992 3672 uliagpkx - ok
23:13:36.0039 3672 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
23:13:36.0039 3672 umbus - ok
23:13:36.0054 3672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:13:36.0070 3672 UmPass - ok
23:13:36.0101 3672 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:13:36.0117 3672 upnphost - ok
23:13:36.0164 3672 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
23:13:36.0164 3672 upperdev - ok
23:13:36.0210 3672 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
23:13:36.0210 3672 usbccgp - ok
23:13:36.0242 3672 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:13:36.0257 3672 usbcir - ok
23:13:36.0289 3672 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:13:36.0289 3672 usbehci - ok
23:13:36.0320 3672 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:13:36.0335 3672 usbhub - ok
23:13:36.0382 3672 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
23:13:36.0382 3672 usbohci - ok
23:13:36.0429 3672 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:13:36.0429 3672 usbprint - ok
23:13:36.0492 3672 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
23:13:36.0492 3672 usbser - ok
23:13:36.0507 3672 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
23:13:36.0507 3672 UsbserFilt - ok
23:13:36.0539 3672 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:13:36.0539 3672 USBSTOR - ok
23:13:36.0570 3672 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:13:36.0570 3672 usbuhci - ok
23:13:36.0601 3672 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:13:36.0617 3672 UxSms - ok
23:13:36.0648 3672 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:13:36.0648 3672 VaultSvc - ok
23:13:36.0695 3672 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:13:36.0695 3672 vdrvroot - ok
23:13:36.0757 3672 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:13:36.0789 3672 vds - ok
23:13:36.0867 3672 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:13:36.0882 3672 vga - ok
23:13:36.0898 3672 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:13:36.0898 3672 VgaSave - ok
23:13:36.0929 3672 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:13:36.0945 3672 vhdmp - ok
23:13:36.0960 3672 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:13:36.0960 3672 viaagp - ok
23:13:36.0992 3672 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:13:37.0007 3672 ViaC7 - ok
23:13:37.0039 3672 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:13:37.0039 3672 viaide - ok
23:13:37.0070 3672 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:13:37.0070 3672 volmgr - ok
23:13:37.0117 3672 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:13:37.0148 3672 volmgrx - ok
23:13:37.0179 3672 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:13:37.0195 3672 volsnap - ok
23:13:37.0226 3672 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:13:37.0242 3672 vsmraid - ok
23:13:37.0335 3672 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:13:37.0382 3672 VSS - ok
23:13:37.0414 3672 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:13:37.0414 3672 vwifibus - ok
23:13:37.0429 3672 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:13:37.0429 3672 vwififlt - ok
23:13:37.0476 3672 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:13:37.0492 3672 W32Time - ok
23:13:37.0523 3672 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:13:37.0523 3672 WacomPen - ok
23:13:37.0585 3672 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:13:37.0585 3672 WANARP - ok
23:13:37.0601 3672 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:13:37.0601 3672 Wanarpv6 - ok
23:13:37.0648 3672 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
23:13:37.0648 3672 wanatw - ok
23:13:37.0804 3672 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
23:13:37.0914 3672 WatAdminSvc - ok
23:13:38.0007 3672 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:13:38.0054 3672 wbengine - ok
23:13:38.0117 3672 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:13:38.0132 3672 WbioSrvc - ok
23:13:38.0164 3672 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:13:38.0195 3672 wcncsvc - ok
23:13:38.0210 3672 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:13:38.0210 3672 WcsPlugInService - ok
23:13:38.0273 3672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:13:38.0289 3672 Wd - ok
23:13:38.0351 3672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:13:38.0367 3672 Wdf01000 - ok
23:13:38.0398 3672 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:13:38.0398 3672 WdiServiceHost - ok
23:13:38.0414 3672 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:13:38.0414 3672 WdiSystemHost - ok
23:13:38.0460 3672 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:13:38.0476 3672 WebClient - ok
23:13:38.0523 3672 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:13:38.0539 3672 Wecsvc - ok
23:13:38.0570 3672 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:13:38.0570 3672 wercplsupport - ok
23:13:38.0585 3672 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:13:38.0585 3672 WerSvc - ok
23:13:38.0632 3672 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:13:38.0632 3672 WfpLwf - ok
23:13:38.0648 3672 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:13:38.0648 3672 WIMMount - ok
23:13:38.0789 3672 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:13:38.0867 3672 WinDefend - ok
23:13:38.0898 3672 WinHttpAutoProxySvc - ok
23:13:38.0960 3672 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:13:38.0960 3672 Winmgmt - ok
23:13:40.0976 3672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:13:41.0101 3672 \Device\Harddisk0\DR0 - ok
23:13:41.0117 3672 Boot (0x1200) (9bfd5cd488b002c1017d2d992acc53eb) \Device\Harddisk0\DR0\Partition0
23:13:41.0117 3672 \Device\Harddisk0\DR0\Partition0 - ok
23:13:41.0117 3672 ============================================================
23:13:41.0117 3672 Scan finished
23:13:41.0117 3672 ============================================================
23:13:41.0132 3800 Detected object count: 0
23:13:41.0132 3800 Actual detected object count: 0

Edited by LittleCaterpillar, 30 April 2012 - 05:25 PM.


#6 narenxp

Posted 30 April 2012 - 05:33 PM

> EDIT: I think I just found it, my apologies. Should I go ahead and run aswMBR, or wait until you've seen the log?

Go ahead :thumbup2:

#7 LittleCaterpillar

Posted 30 April 2012 - 05:47 PM

Thanks again for the speediness! I didn't think you'd be this fast! :D

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 23:35:38
-----------------------------
23:35:38.754 OS Version: Windows 6.1.7601 Service Pack 1
23:35:38.754 Number of processors: 2 586 0xF02
23:35:38.754 ComputerName: LAURA-PC UserName: Laura
23:35:39.739 Initialize success
23:36:38.293 AVAST engine defs: 12043001
23:36:46.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:36:46.029 Disk 0 Vendor: ST980811AS 3.ALC Size: 76319MB BusType: 3
23:36:46.091 Disk 0 MBR read successfully
23:36:46.091 Disk 0 MBR scan
23:36:46.107 Disk 0 Windows 7 default MBR code
23:36:46.123 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8197 MB offset 63
23:36:46.154 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68111 MB offset 16787925
23:36:46.216 Disk 0 scanning sectors +156281008
23:36:46.388 Disk 0 scanning C:\Windows\system32\drivers
23:37:10.763 Service scanning
23:37:35.669 Service MpKsl7eb7194a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03370889-2DF1-4960-A6BC-8EDDAF2B2E92}\MpKsl7eb7194a.sys **LOCKED** 32
23:38:08.341 Modules scanning
23:38:20.763 Disk 0 trace - called modules:
23:38:21.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:38:21.388 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8e030]
23:38:21.404 3 CLASSPNP.SYS[89a5059e] -> nt!IofCallDriver -> [0x84f6f938]
23:38:21.419 5 ACPI.sys[892333d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fec610]
23:38:21.966 AVAST engine scan C:\Windows
23:38:27.076 AVAST engine scan C:\Windows\system32
23:43:28.013 AVAST engine scan C:\Windows\system32\drivers
23:43:53.623 AVAST engine scan C:\Users\Laura
23:45:51.435 Disk 0 MBR has been saved successfully to "C:\Users\Laura\Documents\MBR.dat"
23:45:51.529 The log file has been saved successfully to "C:\Users\Laura\Documents\aswMBRLog.txt"

#8 narenxp

Posted 30 April 2012 - 05:53 PM

> Thanks again for the speediness! I didn't think you'd be this fast! :D

:thumbsup:


Run Malwarebytes once again (FULL SCAN) in normal mode and post the log.

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


> if it's a hanger-on from being infected with the Smart HDD virus a few weeks ago

Did you recover your hidden files? How is your Start menu?

#9 LittleCaterpillar

Posted 30 April 2012 - 06:01 PM

I did - once I found this website and found out they were actually hidden, not removed. My computer shop didn't tell me that. Or much else to be honest. Start Menu looks fine, or at least I've not been unable to find anything recently other than my documents etc :) I'll go and run Malware.

Do you have any idea of how these sorts of things get picked up? I can't remember having gone to any unusual websites and I generally don't visit new ones - I'd like to avoid this sort of thing if I can. Did I leave the equivalent of a window open or something? :P

#10 LittleCaterpillar

Posted 30 April 2012 - 09:13 PM

Hi,

Eset found this:

C:\drivers\AUDIO\RtlExUpd.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\SetCDfmt.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\Vista\RTCOMDLL.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\Vista\RtlCPAPI.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\Vista64\RTCOMDLL.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\Vista64\RtlCPAPI.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\Alcmtr.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\AlcWzrd.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\MicCal.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\RTCOMDLL.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\RTHDCPL.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\RtlCPAPI.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\RTLCPL.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\RtlUpd.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\SkyTel.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\AUDIO\WDM\SoundMan.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\InstNT.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynCOM.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynCtrl.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynISDLL.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPAPI.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPCo4.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPCOM.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPCpl.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPEnh.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynTPRes.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\touchpad\SynZMetr.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\mfc80u.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\msvcp80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\msvcr80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Setup.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\ATILog.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\ATIManifestDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\ATISetup.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\CompressionDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\ControlCenterActions.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\CRCVerDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\DetectionManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\DLMCom.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\DownloadManager.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\EncryptionDLMExt.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\InstallManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\InstallManagerApp.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\LanguageMgr.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\mfc80u.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\msvcp80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\msvcr80.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\PackageManager.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Bin\xerces-c_2_6.dll a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Packages\Apps\excalibur\setup.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\VIDEO\Packages\Apps\excalibur64\setup.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\drivers\WLAN\devcon.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe a variant of Win32/Ramnit.T virus deleted - quarantined
C:\Program Files\HP\HP Software Update\SoftwareUpdate.dll a variant of Win32/Ramnit.T virus deleted - quarantined

minitoolkit found this:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Laura (administrator) on 01-05-2012 at 03:06:27
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

There are 10060 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Ralink Wireless LAN Card V2 = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Laura-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Ralink Wireless LAN Card V2
Physical Address. . . . . . . . . : 00-0D-F0-3A-A1-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::58df:cd32:21c6:db61%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 April 2012 23:09:32
Lease Expires . . . . . . . . . . : 01 May 2012 23:09:31
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 150998512
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-90-2F-97-00-1B-24-1A-92-EB
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-1B-24-1A-92-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3E50051B-D3B3-424D-AAD5-3B7A309AC6E6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:18f9:d2c:a94b:d46d(Preferred)
Link-local IPv6 Address . . . . . : fe80::18f9:d2c:a94b:d46d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.96
173.194.41.98
173.194.41.102
173.194.41.101
173.194.41.110
173.194.41.99
173.194.41.97
173.194.41.103
173.194.41.105
173.194.41.104
173.194.41.100


Pinging google.com [173.194.41.97] with 32 bytes of data:
Reply from 173.194.41.97: bytes=32 time=24ms TTL=51
Reply from 173.194.41.97: bytes=32 time=24ms TTL=51

Ping statistics for 173.194.41.97:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=154ms TTL=45
Reply from 209.191.122.70: bytes=32 time=170ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 154ms, Maximum = 170ms, Average = 162ms
Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 0d f0 3a a1 f9 ......Ralink Wireless LAN Card V2
10...00 1b 24 1a 92 eb ......Realtek RTL8139/810x Family Fast Ethernet NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.68 281
192.168.1.68 255.255.255.255 On-link 192.168.1.68 281
192.168.1.255 255.255.255.255 On-link 192.168.1.68 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fb:18f9:d2c:a94b:d46d/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::18f9:d2c:a94b:d46d/128
On-link
11 281 fe80::58df:cd32:21c6:db61/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/30/2012 11:09:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/30/2012 11:06:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/30/2012 11:03:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: rtl70.bpl_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x4003d0a8
Faulting process id: 0xb48
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/30/2012 09:37:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/30/2012 09:27:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/30/2012 08:22:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/30/2012 02:17:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/30/2012 02:14:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslff528664.

System Error:
The system cannot find the file specified.
.

Error: (04/30/2012 01:26:52 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2012 10:38:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/30/2012 11:08:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {F57EAB0E-76A8-4BF7-B699-D365ADCEAE0F}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {F57EAB0E-76A8-4BF7-B699-D365ADCEAE0F}1

Action Status: {F57EAB0E-76A8-4BF7-B699-D365ADCEAE0F}8

Error Code: {F57EAB0E-76A8-4BF7-B699-D365ADCEAE0F}3

Error description: {F57EAB0E-76A8-4BF7-B699-D365ADCEAE0F}4

Signature Version: 2012-04-30T22:07:44.230Z1

Engine Version: 2012-04-30T22:07:44.230Z2

Error: (04/30/2012 11:07:58 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:44 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:43 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:43 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {FF232E21-A503-49E9-9278-90505FF64275}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {FF232E21-A503-49E9-9278-90505FF64275}1

Action Status: {FF232E21-A503-49E9-9278-90505FF64275}8

Error Code: {FF232E21-A503-49E9-9278-90505FF64275}3

Error description: {FF232E21-A503-49E9-9278-90505FF64275}4

Signature Version: 2012-04-30T22:07:18.877Z1

Engine Version: 2012-04-30T22:07:18.877Z2

Error: (04/30/2012 11:07:25 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:24 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:24 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:20 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/30/2012 11:07:20 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .


Microsoft Office Sessions:
=========================
Error: (09/04/2009 01:35:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/14/2009 02:29:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/12/2009 08:22:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2009 11:32:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/21/2009 11:08:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 56 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/13/2008 10:45:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1507 seconds with 120 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
1310 (Version: 82.0.242.000)
1310_Help (Version: 82.0.58.000)
1310Trb (Version: 82.0.242.000)
32 Bit HP CIO Components Installer (Version: 7.1.4)
AC3Filter (remove only)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader 8
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Amazon MP3 Downloader 1.0.9
AOL Uninstaller (Choose which Products to Remove)
ATI Catalyst Install Manager (Version: 3.0.641.0)
Bing Bar (Version: 7.1.361.0)
BitTorrent (Version: 6.0)
Bonjour (Version: 1.0.106)
British Telecom
Browser Address Error Redirector
BufferChm (Version: 140.0.212.000)
C410 (Version: 140.0.273.000)
calibre (Version: 0.8.30)
CCleaner (Version: 3.00)
Copy (Version: 120.0.214.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
deskPDF 2.5 Standard Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.8)
DNA (Version: 2.2.4 (16502))
DocProc (Version: 140.0.99.000)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
EuroTalk Talk Now Plus!
Fax (Version: 140.0.212.000)
Flash Player plugins 9
Google BAE
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoogleToolbar
GPBaseService2 (Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.001.004)
HPAppStudio (Version: 140.0.95.000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ImgBurn (Version: 2.4.2.0)
Infocentre Rev. 2.0
Internet from BT
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Magic ISO Maker v5.4 (build 0251)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Packard Bell Updator
PowerISO
PRS-500 USB driver (Version: 1.0.00.08110)
PS_AIO_07_C410_SW_Min (Version: 140.0.273.000)
QuickTime (Version: 7.69.80.9)
QuickTransfer (Version: 140.0.98.000)
Rapport (Version: 3.5.1108.73)
ReaConverter 5.5 Pro
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver
RTC Client API v1.2 (Version: 1.2.0000)
Scan (Version: 140.0.80.000)
SetUp My PC
Shop for HP Supplies (Version: 14.0)
Skype 2.5.2.151
Skype™ 3.5 (Version: 3.5.239)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spotify (Version: 0.4.3)
Status (Version: 140.0.256.000)
SUPERAntiSpyware (Version: 5.0.1146)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.0.0)
Toolbox (Version: 140.0.428.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 140.0.212.000)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viewpoint Media Player
VLC media player 2.0.1 (Version: 2.0.1)
WebReg (Version: 140.0.212.017)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1918.17 MB
Available physical RAM: 721.12 MB
Total Pagefile: 3836.34 MB
Available Pagefile: 2444.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.83 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:66.52 GB) (Free:39.11 GB) NTFS
2 Drive d: (BBCDVD1550) (CDROM) (Total:6.66 GB) (Free:0 GB) UDF

Edited by LittleCaterpillar, 30 April 2012 - 09:30 PM.


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:26 PM

Posted 30 April 2012 - 11:22 PM

Let's stop our cleaning process here.

Win32/Ramnit.T virus deleted - quarantined

Ramnit is a virus that infects your .exe, .dll and .html files. It can infect thousands of files at a faster rate and is transferred using flash drives. At this stage I would advise you to reinstall your operating system. Make sure that you do not back up .EXE, DLL or HTML files. After reinstalling your operating system, run a scan once again.

good luck

#12 LittleCaterpillar

LittleCaterpillar
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:26 PM

Posted 01 May 2012 - 02:30 AM

Thank you very much for all this, I really appreciate it.

If I'm reinstalling Windows 7 do I literally just pop the disc back in and go from there or do I have to go about uninstalling it and then reinstall it? How do I make sure it's not going to keep those files? I'm not sure entirely and I'm beginning to realise how little I know.

Thank you again

EDIT: Sorry, just woken up and had a dodo moment and forgot to check the Windows website - do you mean reformat the hard drive in the reinstall process so I get a clean install? Would that delete all the html etc?

Thanks again (especially for your patience).

Edited by LittleCaterpillar, 01 May 2012 - 02:44 AM.


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:26 PM

Posted 01 May 2012 - 09:05 AM

Sorry, just woken up and had a dodo moment and forgot to check the Windows website - do you mean reformat the hard drive in the reinstall process so I get a clean install? Would that delete all the html etc?

Yes

Make sure not to back up files that are in EXE, DLL or HTML formats. Even though Ramnit has affected a small number of files according to the log, it could spread at a faster rate.

After performing a clean install, run a scan with ESET online scanner once again.

I would recommend running this tool:

https://www.freedrweb.com/download+cureit+free/?lng=en

This is a great tool, especially against Ramnit.

good luck
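The advice in posts #11 and #13, not to carry EXE, DLL or HTML files across the reinstall, written as a backup filter. This is an added example, not part of the original posts; the `.htm` extension, the `MZ` header check for executables renamed to another extension, and all function names and sample files are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# File types the thread says Ramnit infects; ".htm" is an added assumption.
RISKY_EXTENSIONS = {".exe", ".dll", ".html", ".htm"}

def skip_reason(path):
    """Return why a file is left out of the backup, or None to keep it."""
    if path.suffix.lower() in RISKY_EXTENSIONS:
        return "extension " + path.suffix.lower()
    # Added assumption: a renamed Windows executable still starts with "MZ".
    with path.open("rb") as fh:
        return "MZ header" if fh.read(2) == b"MZ" else None

def plan_backup(source_root):
    """Return (keep, skip): relative paths to copy, and {path: reason} skipped."""
    keep, skip = [], {}
    for path in sorted(p for p in Path(source_root).rglob("*") if p.is_file()):
        rel = path.relative_to(source_root).as_posix()
        reason = skip_reason(path)
        if reason:
            skip[rel] = reason
        else:
            keep.append(rel)
    return keep, skip

def copy_backup(source_root, dest_root):
    """Copy only the kept files, preserving folders; return the plan."""
    keep, skip = plan_backup(source_root)
    for rel in keep:
        target = Path(dest_root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(source_root, rel), target)
    return keep, skip

def build_sample_tree():
    """Constructed sample data: a tiny fake user profile in a temp folder."""
    root = Path(tempfile.mkdtemp())
    samples = {"Documents/notes.txt": b"shopping list",
               "Documents/Saved Page.HTML": b"<html></html>",
               "Downloads/setup.exe": b"MZ\x90\x00",
               "Pictures/cat.jpg": b"\xff\xd8\xff\xe0",
               "Pictures/holiday.jpg": b"MZ\x90\x00"}  # executable renamed to .jpg
    for rel, data in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return root
```

The filter only decides what is left behind; it does not disinfect anything, so the copied files should still be scanned after the clean install.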

#14 LittleCaterpillar

LittleCaterpillar
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:26 PM

Posted 01 May 2012 - 11:37 AM

Hi,

I've been trying to reinstall from my disk but for some reason my laptop will read DVDs fine but not my Windows 7 32-bit upgrade disc. I've tried finding it via My Computer, and I've tried going into BIOS and starting from the CD/DVD drive first but to no avail. It just can't see it. Is it because it's an upgrade disc? Am I doing something wrong? Thought I'd post this here since it's part of the ongoing stuff I had before.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:26 PM

Posted 01 May 2012 - 01:12 PM

The DVD may be corrupt. Check it on a different PC.



