Very slow computer, possible infection


  • This topic is locked
24 replies to this topic

#1 rzacharia21

rzacharia21

  • Members
  • 24 posts

Posted 12 May 2012 - 05:27 PM

I have attempted to run GMER at least 5 times on my computer, and each time, the computer shuts down in the middle of the scan. I do not know what the issue is with that, but the DDS logs are below and attached. This computer is very slow so any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Alan at 16:21:50 on 2012-05-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.182 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289532921890
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8708423-57E4-4AC4-B837-C488E8851312} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GIDLogonXP - GIDLogonXP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-17 25232]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-3-30 65608]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2010-11-13 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2010-11-13 545088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-24 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-12 16:27:23 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e35c58c-a949-44d0-85b8-d902c3f1a99c}\mpengine.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-04-23 17:33:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-04-23 17:33:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86787AB8]
3 CLASSPNP[0xF78A3FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x86773F18]
5 ACPI[0xF781A620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86774D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 16:23:25.87 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2012 - 11:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 rzacharia21

rzacharia21
  • Topic Starter

  • Members
  • 24 posts

Posted 13 May 2012 - 09:11 PM

ComboFix:

ComboFix 12-05-13.03 - Alan 05/13/2012 20:42:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.442 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 01:29 . 2012-05-14 01:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E35C58C-A949-44D0-85B8-D902C3F1A99C}\MpKsl28e278ea.sys
2012-05-14 01:19 . 2012-05-14 01:19 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E35C58C-A949-44D0-85B8-D902C3F1A99C}\offreg.dll
2012-05-12 16:27 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E35C58C-A949-44D0-85B8-D902C3F1A99C}\mpengine.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-09-18 20:58 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-25 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-03 290816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 15:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [6/17/2011 9:39 PM 25232]
R1 MpKsl28e278ea;MpKsl28e278ea;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0E35C58C-A949-44D0-85B8-D902C3F1A99C}\MpKsl28e278ea.sys [5/13/2012 8:29 PM 29904]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [3/30/2012 11:15 AM 65608]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [11/13/2010 6:44 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [11/13/2010 6:44 PM 545088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:56 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:56 PM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL28E278EA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-25 03:56]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-25 03:56]
.
2012-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 21:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2012-05-13 21:06:25
ComboFix-quarantined-files.txt 2012-05-14 02:06
.
Pre-Run: 56,301,244,416 bytes free
Post-Run: 58,392,895,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B6EA51243D53392B7F4ED3A52604B52D


Security Check:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader X 10.1.0 Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


The computer still is very slow. I'm not sure if that did much.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 May 2012 - 09:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 rzacharia21

rzacharia21
  • Topic Starter

  • Members
  • 24 posts

Posted 13 May 2012 - 10:41 PM

ASWMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 21:57:45
-----------------------------
21:57:45.234 OS Version: Windows 5.1.2600 Service Pack 3
21:57:45.234 Number of processors: 1 586 0x204
21:57:45.234 ComputerName: ALAN-16E25EFA80 UserName: Alan
21:57:46.015 Initialize success
22:03:34.453 AVAST engine defs: 12051301
22:04:02.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:04:02.906 Disk 0 Vendor: Size: 0MB BusType: 0
22:04:02.921 Disk 0 MBR read successfully
22:04:02.921 Disk 0 MBR scan
22:04:02.984 Disk 0 Windows XP default MBR code
22:04:02.984 Disk 0 MBR hidden
22:04:03.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
22:04:03.140 Disk 0 scanning C:\WINDOWS\system32\drivers
22:04:35.531 Service scanning
22:04:52.750 Service MpKsl0e77bb51 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\MpKsl0e77bb51.sys **LOCKED** 32
22:05:19.671 Modules scanning
22:05:27.515 Disk 0 trace - called modules:
22:05:27.531 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:05:28.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86787ab8]
22:05:28.031 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> \Device\0000005a[0x86773f18]
22:05:28.031 5 ACPI.sys[f781a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86774d98]
22:05:28.406 AVAST engine scan C:\WINDOWS
22:05:53.390 AVAST engine scan C:\WINDOWS\system32
22:18:00.328 AVAST engine scan C:\WINDOWS\system32\drivers
22:19:10.640 AVAST engine scan C:\Documents and Settings\Alan
22:26:12.234 AVAST engine scan C:\Documents and Settings\All Users
22:27:46.281 Scan finished successfully
22:40:49.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alan\Desktop\MBR.dat"
22:40:49.421 The log file has been saved successfully to "C:\Documents and Settings\Alan\Desktop\aswMBR.txt"





TDSS killer log:

21:55:08.0281 3992 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:55:08.0640 3992 ============================================================
21:55:08.0640 3992 Current date / time: 2012/05/13 21:55:08.0640
21:55:08.0640 3992 SystemInfo:
21:55:08.0640 3992
21:55:08.0640 3992 OS Version: 5.1.2600 ServicePack: 3.0
21:55:08.0640 3992 Product type: Workstation
21:55:08.0640 3992 ComputerName: ALAN-16E25EFA80
21:55:08.0640 3992 UserName: Alan
21:55:08.0640 3992 Windows directory: C:\WINDOWS
21:55:08.0640 3992 System windows directory: C:\WINDOWS
21:55:08.0640 3992 Processor architecture: Intel x86
21:55:08.0640 3992 Number of processors: 1
21:55:08.0640 3992 Page size: 0x1000
21:55:08.0640 3992 Boot type: Normal boot
21:55:08.0640 3992 ============================================================
21:55:11.0609 3992 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:55:11.0609 3992 ============================================================
21:55:11.0609 3992 \Device\Harddisk0\DR0:
21:55:11.0609 3992 MBR partitions:
21:55:11.0609 3992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
21:55:11.0609 3992 ============================================================
21:55:11.0640 3992 C: <-> \Device\Harddisk0\DR0\Partition0
21:55:11.0640 3992 ============================================================
21:55:11.0640 3992 Initialize success
21:55:11.0640 3992 ============================================================
21:55:13.0640 1228 ============================================================
21:55:13.0640 1228 Scan started
21:55:13.0640 1228 Mode: Manual;
21:55:13.0640 1228 ============================================================
21:55:14.0468 1228 Abiosdsk - ok
21:55:14.0484 1228 abp480n5 - ok
21:55:14.0531 1228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:55:14.0546 1228 ACPI - ok
21:55:14.0578 1228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:55:14.0578 1228 ACPIEC - ok
21:55:14.0593 1228 adpu160m - ok
21:55:14.0640 1228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:55:14.0656 1228 aec - ok
21:55:14.0687 1228 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
21:55:14.0703 1228 AFD - ok
21:55:14.0734 1228 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:55:14.0734 1228 agp440 - ok
21:55:14.0750 1228 Aha154x - ok
21:55:14.0765 1228 aic78u2 - ok
21:55:14.0781 1228 aic78xx - ok
21:55:14.0828 1228 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:55:14.0828 1228 Alerter - ok
21:55:14.0859 1228 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:55:14.0859 1228 ALG - ok
21:55:14.0875 1228 AliIde - ok
21:55:14.0906 1228 amsint - ok
21:55:15.0000 1228 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
21:55:15.0015 1228 AntiSpywareService - ok
21:55:15.0062 1228 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:55:15.0078 1228 AppMgmt - ok
21:55:15.0078 1228 asc - ok
21:55:15.0093 1228 asc3350p - ok
21:55:15.0109 1228 asc3550 - ok
21:55:15.0234 1228 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:55:15.0234 1228 aspnet_state - ok
21:55:15.0265 1228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:55:15.0265 1228 AsyncMac - ok
21:55:15.0312 1228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:55:15.0312 1228 atapi - ok
21:55:15.0328 1228 Atdisk - ok
21:55:15.0359 1228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:55:15.0359 1228 Atmarpc - ok
21:55:15.0390 1228 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:55:15.0406 1228 AudioSrv - ok
21:55:15.0453 1228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:55:15.0453 1228 audstub - ok
21:55:15.0500 1228 basic2 (9372cc48814a17e67c28945eb4acc189) C:\WINDOWS\system32\DRIVERS\basic2.sys
21:55:15.0500 1228 basic2 - ok
21:55:15.0531 1228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:55:15.0546 1228 Beep - ok
21:55:15.0609 1228 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:55:15.0625 1228 BITS - ok
21:55:15.0671 1228 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:55:15.0671 1228 Browser - ok
21:55:15.0734 1228 catchme - ok
21:55:15.0781 1228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:55:15.0781 1228 cbidf2k - ok
21:55:15.0796 1228 cd20xrnt - ok
21:55:15.0828 1228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:55:15.0828 1228 Cdaudio - ok
21:55:15.0859 1228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:55:15.0859 1228 Cdfs - ok
21:55:15.0890 1228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:55:15.0890 1228 Cdrom - ok
21:55:15.0921 1228 Changer - ok
21:55:15.0968 1228 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:55:15.0968 1228 CiSvc - ok
21:55:15.0984 1228 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:55:15.0984 1228 ClipSrv - ok
21:55:16.0046 1228 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:16.0046 1228 clr_optimization_v2.0.50727_32 - ok
21:55:16.0125 1228 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:16.0125 1228 clr_optimization_v4.0.30319_32 - ok
21:55:16.0140 1228 CmdIde - ok
21:55:16.0171 1228 COMSysApp - ok
21:55:16.0203 1228 Cpqarray - ok
21:55:16.0234 1228 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:55:16.0234 1228 CryptSvc - ok
21:55:16.0250 1228 dac2w2k - ok
21:55:16.0265 1228 dac960nt - ok
21:55:16.0328 1228 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:55:16.0343 1228 DcomLaunch - ok
21:55:16.0390 1228 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:55:16.0437 1228 Dhcp - ok
21:55:16.0468 1228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:55:16.0468 1228 Disk - ok
21:55:16.0500 1228 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
21:55:16.0500 1228 DM9102 - ok
21:55:16.0515 1228 dmadmin - ok
21:55:16.0609 1228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:55:16.0625 1228 dmboot - ok
21:55:16.0656 1228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:55:16.0671 1228 dmio - ok
21:55:16.0703 1228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:55:16.0703 1228 dmload - ok
21:55:16.0734 1228 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:55:16.0734 1228 dmserver - ok
21:55:16.0765 1228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:55:16.0765 1228 DMusic - ok
21:55:16.0796 1228 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:55:16.0796 1228 Dnscache - ok
21:55:16.0859 1228 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:55:16.0875 1228 Dot3svc - ok
21:55:16.0890 1228 dpti2o - ok
21:55:16.0937 1228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:55:16.0937 1228 drmkaud - ok
21:55:16.0984 1228 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:55:16.0984 1228 EapHost - ok
21:55:17.0031 1228 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:55:17.0062 1228 ERSvc - ok
21:55:17.0093 1228 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:55:17.0109 1228 Eventlog - ok
21:55:17.0156 1228 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:55:17.0265 1228 EventSystem - ok
21:55:17.0312 1228 Fallback (9ea76a7f28cd968f8adc709e479f23b2) C:\WINDOWS\system32\DRIVERS\fallback.sys
21:55:17.0328 1228 Fallback - ok
21:55:17.0359 1228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:55:17.0375 1228 Fastfat - ok
21:55:17.0421 1228 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:17.0437 1228 FastUserSwitchingCompatibility - ok
21:55:17.0484 1228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:55:17.0484 1228 Fdc - ok
21:55:17.0500 1228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:55:17.0515 1228 Fips - ok
21:55:17.0531 1228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:55:17.0531 1228 Flpydisk - ok
21:55:17.0562 1228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:55:17.0578 1228 FltMgr - ok
21:55:17.0843 1228 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:55:17.0859 1228 FontCache3.0.0.0 - ok
21:55:17.0875 1228 Fsks (b7b262d0431374f3afd1349e35b368d9) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
21:55:17.0890 1228 Fsks - ok
21:55:17.0921 1228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:55:17.0921 1228 Fs_Rec - ok
21:55:17.0968 1228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:55:17.0984 1228 Ftdisk - ok
21:55:18.0031 1228 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:55:18.0031 1228 gameenum - ok
21:55:18.0093 1228 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\WINDOWS\system32\drivers\GIDv2.sys
21:55:18.0140 1228 GIDv2 - ok
21:55:18.0187 1228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:55:18.0187 1228 Gpc - ok
21:55:18.0281 1228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:55:18.0281 1228 gupdate - ok
21:55:18.0296 1228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:55:18.0296 1228 gupdatem - ok
21:55:18.0343 1228 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:55:18.0515 1228 gusvc - ok
21:55:18.0562 1228 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:55:18.0562 1228 helpsvc - ok
21:55:18.0578 1228 HidServ - ok
21:55:18.0625 1228 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:55:18.0625 1228 hidusb - ok
21:55:18.0671 1228 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:55:18.0687 1228 hkmsvc - ok
21:55:18.0703 1228 hpn - ok
21:55:18.0750 1228 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
21:55:18.0765 1228 HSFHWBS2 - ok
21:55:18.0859 1228 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
21:55:18.0906 1228 HSF_DP - ok
21:55:18.0968 1228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:55:18.0984 1228 HTTP - ok
21:55:19.0015 1228 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:55:19.0015 1228 HTTPFilter - ok
21:55:19.0031 1228 i2omgmt - ok
21:55:19.0046 1228 i2omp - ok
21:55:19.0093 1228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:55:19.0093 1228 i8042prt - ok
21:55:19.0234 1228 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:55:19.0281 1228 idsvc - ok
21:55:19.0343 1228 IDVaultSvc (9eb85e7ee5d408fbd7968e695d088570) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
21:55:19.0343 1228 IDVaultSvc - ok
21:55:19.0375 1228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:55:19.0375 1228 Imapi - ok
21:55:19.0421 1228 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:55:19.0546 1228 ImapiService - ok
21:55:19.0562 1228 ini910u - ok
21:55:19.0609 1228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:55:19.0609 1228 IntelIde - ok
21:55:19.0656 1228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:55:19.0656 1228 intelppm - ok
21:55:19.0671 1228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:55:19.0671 1228 Ip6Fw - ok
21:55:19.0718 1228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:55:19.0718 1228 IpFilterDriver - ok
21:55:19.0750 1228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:55:19.0750 1228 IpInIp - ok
21:55:19.0781 1228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:55:19.0796 1228 IpNat - ok
21:55:19.0828 1228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:55:19.0828 1228 IPSec - ok
21:55:19.0859 1228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:55:19.0859 1228 IRENUM - ok
21:55:19.0906 1228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:55:19.0906 1228 isapnp - ok
21:55:19.0968 1228 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
21:55:19.0984 1228 ITMRTSVC - ok
21:55:20.0046 1228 K56 (a4e3277398c8aba999483d4c658c9696) C:\WINDOWS\system32\DRIVERS\k56nt.sys
21:55:20.0078 1228 K56 - ok
21:55:20.0109 1228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:55:20.0109 1228 Kbdclass - ok
21:55:20.0171 1228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:55:20.0187 1228 kmixer - ok
21:55:20.0218 1228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:55:20.0218 1228 KSecDD - ok
21:55:20.0265 1228 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:55:20.0281 1228 lanmanserver - ok
21:55:20.0328 1228 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:55:20.0343 1228 lanmanworkstation - ok
21:55:20.0359 1228 lbrtfdc - ok
21:55:20.0406 1228 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:55:20.0406 1228 LmHosts - ok
21:55:20.0437 1228 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:55:20.0453 1228 mdmxsdk - ok
21:55:20.0484 1228 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:55:20.0484 1228 Messenger - ok
21:55:20.0578 1228 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:55:20.0593 1228 Microsoft Office Groove Audit Service - ok
21:55:20.0625 1228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:55:20.0625 1228 mnmdd - ok
21:55:20.0656 1228 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:55:20.0656 1228 mnmsrvc - ok
21:55:20.0703 1228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:55:20.0703 1228 Modem - ok
21:55:20.0750 1228 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:55:20.0750 1228 MODEMCSA - ok
21:55:20.0781 1228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:55:20.0781 1228 Mouclass - ok
21:55:20.0828 1228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:55:20.0828 1228 mouhid - ok
21:55:20.0875 1228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:55:20.0875 1228 MountMgr - ok
21:55:20.0921 1228 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:55:20.0921 1228 MpFilter - ok
21:55:21.0031 1228 MpKsl0e77bb51 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\MpKsl0e77bb51.sys
21:55:21.0031 1228 MpKsl0e77bb51 - ok
21:55:21.0046 1228 mraid35x - ok
21:55:21.0093 1228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:55:21.0109 1228 MRxDAV - ok
21:55:21.0171 1228 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:55:21.0187 1228 MRxSmb - ok
21:55:21.0218 1228 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:55:21.0218 1228 MSDTC - ok
21:55:21.0281 1228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:55:21.0281 1228 Msfs - ok
21:55:21.0296 1228 MSIServer - ok
21:55:21.0328 1228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:55:21.0328 1228 MSKSSRV - ok
21:55:21.0390 1228 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:55:21.0390 1228 MsMpSvc - ok
21:55:21.0421 1228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:55:21.0421 1228 MSPCLOCK - ok
21:55:21.0453 1228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:55:21.0453 1228 MSPQM - ok
21:55:21.0484 1228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:55:21.0484 1228 mssmbios - ok
21:55:21.0531 1228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:55:21.0531 1228 Mup - ok
21:55:21.0593 1228 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:55:21.0609 1228 napagent - ok
21:55:21.0718 1228 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
21:55:21.0750 1228 NBService - ok
21:55:21.0796 1228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:55:21.0812 1228 NDIS - ok
21:55:21.0843 1228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:55:21.0843 1228 NdisTapi - ok
21:55:21.0859 1228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:55:21.0859 1228 Ndisuio - ok
21:55:21.0890 1228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:55:21.0906 1228 NdisWan - ok
21:55:21.0921 1228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:55:21.0921 1228 NDProxy - ok
21:55:21.0953 1228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:55:21.0953 1228 NetBIOS - ok
21:55:22.0000 1228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:55:22.0015 1228 NetBT - ok
21:55:22.0062 1228 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:55:22.0062 1228 NetDDE - ok
21:55:22.0078 1228 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:55:22.0078 1228 NetDDEdsdm - ok
21:55:22.0109 1228 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:22.0109 1228 Netlogon - ok
21:55:22.0140 1228 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:55:22.0156 1228 Netman - ok
21:55:22.0250 1228 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:55:22.0265 1228 NetTcpPortSharing - ok
21:55:22.0328 1228 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:55:22.0328 1228 Nla - ok
21:55:22.0421 1228 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
21:55:22.0437 1228 NMIndexingService - ok
21:55:22.0484 1228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:55:22.0484 1228 Npfs - ok
21:55:22.0531 1228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:55:22.0546 1228 Ntfs - ok
21:55:22.0578 1228 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:22.0578 1228 NtLmSsp - ok
21:55:22.0640 1228 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:55:22.0656 1228 NtmsSvc - ok
21:55:22.0687 1228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:55:22.0687 1228 Null - ok
21:55:22.0828 1228 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:55:22.0890 1228 nv - ok
21:55:22.0984 1228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:55:22.0984 1228 NwlnkFlt - ok
21:55:23.0000 1228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:55:23.0000 1228 NwlnkFwd - ok
21:55:23.0109 1228 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:55:23.0125 1228 odserv - ok
21:55:23.0187 1228 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:23.0203 1228 ose - ok
21:55:23.0250 1228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:55:23.0250 1228 Parport - ok
21:55:23.0281 1228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:55:23.0281 1228 PartMgr - ok
21:55:23.0312 1228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:55:23.0312 1228 ParVdm - ok
21:55:23.0359 1228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:55:23.0359 1228 PCI - ok
21:55:23.0375 1228 PCIDump - ok
21:55:23.0406 1228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
21:55:23.0406 1228 PCIIde - ok
21:55:23.0437 1228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:55:23.0453 1228 Pcmcia - ok
21:55:23.0468 1228 PDCOMP - ok
21:55:23.0484 1228 PDFRAME - ok
21:55:23.0500 1228 PDRELI - ok
21:55:23.0515 1228 PDRFRAME - ok
21:55:23.0546 1228 perc2 - ok
21:55:23.0562 1228 perc2hib - ok
21:55:23.0640 1228 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:55:23.0656 1228 PlugPlay - ok
21:55:23.0671 1228 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:23.0671 1228 PolicyAgent - ok
21:55:23.0703 1228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:55:23.0703 1228 PptpMiniport - ok
21:55:23.0718 1228 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:23.0718 1228 ProtectedStorage - ok
21:55:23.0750 1228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:55:23.0750 1228 PSched - ok
21:55:23.0781 1228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:55:23.0781 1228 Ptilink - ok
21:55:23.0796 1228 ql1080 - ok
21:55:23.0828 1228 Ql10wnt - ok
21:55:23.0843 1228 ql12160 - ok
21:55:23.0859 1228 ql1240 - ok
21:55:23.0890 1228 ql1280 - ok
21:55:23.0906 1228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:55:23.0906 1228 RasAcd - ok
21:55:23.0953 1228 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:55:23.0953 1228 RasAuto - ok
21:55:23.0984 1228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:55:23.0984 1228 Rasl2tp - ok
21:55:24.0031 1228 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:55:24.0109 1228 RasMan - ok
21:55:24.0140 1228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:55:24.0140 1228 RasPppoe - ok
21:55:24.0156 1228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:55:24.0171 1228 Raspti - ok
21:55:24.0218 1228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:55:24.0234 1228 Rdbss - ok
21:55:24.0265 1228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:55:24.0265 1228 RDPCDD - ok
21:55:24.0296 1228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:55:24.0312 1228 rdpdr - ok
21:55:24.0359 1228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:55:24.0375 1228 RDPWD - ok
21:55:24.0406 1228 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:55:24.0421 1228 RDSessMgr - ok
21:55:24.0468 1228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:55:24.0468 1228 redbook - ok
21:55:24.0500 1228 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:55:24.0500 1228 RemoteAccess - ok
21:55:24.0546 1228 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:55:24.0546 1228 RemoteRegistry - ok
21:55:24.0593 1228 Rksample (4c35e57300a2dc5932a8e29efa527c32) C:\WINDOWS\system32\DRIVERS\rksample.sys
21:55:24.0593 1228 Rksample - ok
21:55:24.0656 1228 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:55:24.0656 1228 RpcLocator - ok
21:55:24.0703 1228 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:55:24.0718 1228 RpcSs - ok
21:55:24.0750 1228 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:55:24.0750 1228 RSVP - ok
21:55:24.0796 1228 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:55:24.0796 1228 SamSs - ok
21:55:24.0843 1228 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:55:24.0843 1228 SCardSvr - ok
21:55:24.0890 1228 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:55:24.0906 1228 Schedule - ok
21:55:25.0015 1228 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:55:25.0031 1228 SeaPort - ok
21:55:25.0062 1228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:55:25.0062 1228 Secdrv - ok
21:55:25.0109 1228 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:55:25.0125 1228 seclogon - ok
21:55:25.0140 1228 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:55:25.0140 1228 SENS - ok
21:55:25.0187 1228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:55:25.0187 1228 serenum - ok
21:55:25.0203 1228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:55:25.0203 1228 Serial - ok
21:55:25.0281 1228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:55:25.0281 1228 Sfloppy - ok
21:55:25.0328 1228 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:55:25.0343 1228 SharedAccess - ok
21:55:25.0375 1228 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:25.0390 1228 ShellHWDetection - ok
21:55:25.0406 1228 Simbad - ok
21:55:25.0468 1228 SoftFax (413cfa795cad19a010889df0ec060408) C:\WINDOWS\system32\DRIVERS\faxnt.sys
21:55:25.0468 1228 SoftFax - ok
21:55:25.0515 1228 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:55:25.0515 1228 SONYPVU1 - ok
21:55:25.0531 1228 Sparrow - ok
21:55:25.0578 1228 SpeakerPhone (c11082c80723771c1979eacf7fdde1c3) C:\WINDOWS\system32\DRIVERS\spkpnt.sys
21:55:25.0578 1228 SpeakerPhone - ok
21:55:25.0625 1228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:55:25.0625 1228 splitter - ok
21:55:25.0656 1228 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:55:25.0671 1228 Spooler - ok
21:55:25.0703 1228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:55:25.0703 1228 sr - ok
21:55:25.0750 1228 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:55:25.0765 1228 srservice - ok
21:55:25.0828 1228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:55:25.0843 1228 Srv - ok
21:55:25.0890 1228 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:55:25.0890 1228 SSDPSRV - ok
21:55:25.0953 1228 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:55:25.0984 1228 stisvc - ok
21:55:26.0015 1228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:55:26.0015 1228 swenum - ok
21:55:26.0062 1228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:55:26.0062 1228 swmidi - ok
21:55:26.0078 1228 SwPrv - ok
21:55:26.0093 1228 symc810 - ok
21:55:26.0125 1228 symc8xx - ok
21:55:26.0140 1228 sym_hi - ok
21:55:26.0156 1228 sym_u3 - ok
21:55:26.0187 1228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:55:26.0203 1228 sysaudio - ok
21:55:26.0250 1228 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:55:26.0250 1228 SysmonLog - ok
21:55:26.0281 1228 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:55:26.0312 1228 TapiSrv - ok
21:55:26.0359 1228 tbcspud (b45259cc19ea0a5b8a407923e03df96c) C:\WINDOWS\system32\drivers\tbcspud.sys
21:55:26.0375 1228 tbcspud - ok
21:55:26.0453 1228 tbcwdm (c7480d4478fa45bc83753e3e0b09cb58) C:\WINDOWS\system32\drivers\tbcwdm.sys
21:55:26.0468 1228 tbcwdm - ok
21:55:26.0515 1228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:55:26.0546 1228 Tcpip - ok
21:55:26.0578 1228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:55:26.0578 1228 TDPIPE - ok
21:55:26.0609 1228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:55:26.0609 1228 TDTCP - ok
21:55:26.0640 1228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:55:26.0640 1228 TermDD - ok
21:55:26.0718 1228 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:55:26.0734 1228 TermService - ok
21:55:26.0781 1228 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:55:26.0781 1228 Themes - ok
21:55:26.0843 1228 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:55:26.0843 1228 TlntSvr - ok
21:55:26.0875 1228 Tones (e0f10a379239b4fab319c55a9cd6bc96) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
21:55:26.0890 1228 Tones - ok
21:55:26.0906 1228 TosIde - ok
21:55:29.0671 1228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:55:29.0812 1228 \Device\Harddisk0\DR0 - ok
21:55:29.0828 1228 Boot (0x1200) (2badce2693567a63cfbbf1994547fc92) \Device\Harddisk0\DR0\Partition0
21:55:29.0828 1228 \Device\Harddisk0\DR0\Partition0 - ok
21:55:29.0843 1228 ============================================================
21:55:29.0843 1228 Scan finished
21:55:29.0843 1228 ============================================================
21:55:29.0859 3012 Detected object count: 0
21:55:29.0859 3012 Actual detected object count: 0
21:55:49.0937 2644 ============================================================
21:55:49.0937 2644 Scan started
21:55:49.0937 2644 Mode: Manual;
21:55:49.0937 2644 ============================================================
21:56:01.0328 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:56:01.0328 2644 usbscan - ok
21:56:01.0359 2644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:56:01.0359 2644 USBSTOR - ok
21:56:01.0406 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:56:01.0406 2644 usbuhci - ok
21:56:01.0453 2644 V124 (177b65899d418f8c8f037b20567a99d6) C:\WINDOWS\system32\DRIVERS\v124nt.sys
21:56:01.0453 2644 V124 - ok
21:56:01.0484 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:56:01.0484 2644 VgaSave - ok
21:56:01.0515 2644 ViaIde - ok
21:56:01.0531 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:56:01.0546 2644 VolSnap - ok
21:56:01.0593 2644 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:56:01.0593 2644 VSS - ok
21:56:01.0656 2644 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:56:01.0656 2644 W32Time - ok
21:56:01.0703 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:56:01.0703 2644 Wanarp - ok
21:56:01.0750 2644 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:56:01.0750 2644 WDC_SAM - ok
21:56:01.0765 2644 WDICA - ok
21:56:01.0812 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:56:01.0812 2644 wdmaud - ok
21:56:01.0859 2644 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:56:01.0859 2644 WebClient - ok
21:56:01.0937 2644 winachsf (a941aa38e3951058e584c4bbddd56ed9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:56:01.0937 2644 winachsf - ok
21:56:02.0031 2644 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:56:02.0031 2644 winmgmt - ok
21:56:02.0140 2644 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
21:56:02.0156 2644 WinRM - ok
21:56:02.0234 2644 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:56:02.0234 2644 WmdmPmSN - ok
21:56:02.0312 2644 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:56:02.0312 2644 Wmi - ok
21:56:02.0390 2644 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:56:02.0390 2644 WmiApSrv - ok
21:56:02.0546 2644 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:56:02.0562 2644 WMPNetworkSvc - ok
21:56:02.0703 2644 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:56:02.0718 2644 WPFFontCache_v0400 - ok
21:56:02.0781 2644 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:56:02.0781 2644 WS2IFSL - ok
21:56:02.0843 2644 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:56:02.0843 2644 wscsvc - ok
21:56:02.0859 2644 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:56:02.0859 2644 wuauserv - ok
21:56:02.0906 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:56:02.0906 2644 WudfPf - ok
21:56:02.0937 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:56:02.0937 2644 WudfRd - ok
21:56:02.0968 2644 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:56:02.0968 2644 WudfSvc - ok
21:56:03.0031 2644 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:56:03.0046 2644 WZCSVC - ok
21:56:03.0078 2644 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:56:03.0078 2644 xmlprov - ok
21:56:03.0125 2644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:56:03.0265 2644 \Device\Harddisk0\DR0 - ok
21:56:03.0265 2644 Boot (0x1200) (2badce2693567a63cfbbf1994547fc92) \Device\Harddisk0\DR0\Partition0
21:56:03.0281 2644 \Device\Harddisk0\DR0\Partition0 - ok
21:56:03.0281 2644 ============================================================
21:56:03.0281 2644 Scan finished
21:56:03.0281 2644 ============================================================
21:56:03.0312 3016 Detected object count: 0
21:56:03.0312 3016 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 13 May 2012 - 10:46 PM

Greetings

I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right click on the link and select "Save Target As" and then save it to your desktop.
Once it is on your desktop, right click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
AtJob::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 rzacharia21

Posted 13 May 2012 - 11:15 PM

Combofix log:

ComboFix 12-05-13.03 - Alan 05/13/2012 22:55:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.359 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 03:50 . 2012-05-14 03:50 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\offreg.dll
2012-05-14 02:55 . 2012-05-14 02:55 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\MpKsl0e77bb51.sys
2012-05-14 02:12 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\mpengine.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-04-23 17:33 . 2012-04-23 17:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-09-18 20:58 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-25 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-03 290816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]
2011-07-05 15:25 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [6/17/2011 9:39 PM 25232]
R1 MpKsl0e77bb51;MpKsl0e77bb51;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AB4B37-803C-4B08-AE8C-BD3C866A0EA3}\MpKsl0e77bb51.sys [5/13/2012 9:55 PM 29904]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [3/30/2012 11:15 AM 65608]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [11/13/2010 6:44 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [11/13/2010 6:44 PM 545088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:56 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2012 10:56 PM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32390834
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL0E77BB51
*NewlyCreated* - MPKSL28E278EA
*Deregistered* - 32390834
*Deregistered* - aswMBR
*Deregistered* - MpKsl28e278ea
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-13 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-25 03:56]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-25 03:56]
.
2012-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\GIDLogonXP.dll
c:\windows\system32\GIDHookLogon.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-13 23:11:09
ComboFix-quarantined-files.txt 2012-05-14 04:11
ComboFix2.txt 2012-05-14 02:06
.
Pre-Run: 58,156,232,704 bytes free
Post-Run: 58,378,260,480 bytes free
.
- - End Of File - - EED8E8700917944A2727F21378DECFE

Computer is still running slow. Let me know what else I can do.

#8 gringo_pr

Posted 13 May 2012 - 11:50 PM

Print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter'

fixmbr

#9 rzacharia21

Posted 14 May 2012 - 02:44 PM

Hey Gringo, I did what was asked. The computer seems to be at the same speed and pace, and on top of that, it is telling me that my copy of Windows is counterfeited which I do not believe is the case. I was wondering what else I should do.

#10 rzacharia21

Posted 14 May 2012 - 02:59 PM

The speed actually seems better. But like I said, the counterfeit Windows problem is now present.

#11 gringo_pr

Posted 15 May 2012 - 07:54 AM

Greetings


Go to Windows Update and, when asked to validate, allow it. If it still comes out bad, it should give you some options on how to validate it. You may need to contact Microsoft, but they are usually understanding in cases like this.


Gringo

#12 rzacharia21

Posted 17 May 2012 - 02:24 PM

Computer is still slow, and they are making me purchase Windows 7 when I had XP due to the fact that XP is no longer available. Given the fact that I know our Windows XP was purchased and is now claimed to be "counterfeit," what other remedies are there available? It seems like we went backwards in this instance because the computer still is not running well, and now I have a "counterfeit" version of XP.

#13 gringo_pr

Posted 17 May 2012 - 02:37 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 rzacharia21

Posted 19 May 2012 - 11:29 PM

Here is the OTL

OTL logfile created on: 5/19/2012 11:17:07 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.80 Mb Total Physical Memory | 346.10 Mb Available Physical Memory | 33.84% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 51.44 Gb Free Space | 69.03% Space Free | Partition Type: NTFS

Computer Name: ALAN-16E25EFA80 | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Alan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SFT\GuardedID\GIDD.exe (StrikeForce Technologies Inc.)
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\822f2304c46ad32739ae2927f213627f\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\408a14028cdc4c24dfb8f241da428142\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\dff877744c0f7f8752eb356f27edfa59\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\abc560ee41afeada750e6aa7afc534bb\WindowsFormsIntegration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\32b169d0703541a18c987bd2dbf9fbd9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7765146be2fa459c20856ff822f90d1e\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b44d2b225cf6b7861e85b2e915db1f93\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f4f33d28527d761c7483d6960862684\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll ()
MOD - C:\Program Files\Constant Guard Protection Suite\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
MOD - C:\WINDOWS\system32\EasyHook32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (IDVaultSvc) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Alan\LOCALS~1\Temp\catchme.sys File not found
DRV - (GIDv2) -- C:\WINDOWS\System32\drivers\gidv2.sys (StrikeForce Technologies, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (tbcwdm) -- C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (tbcspud) -- C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (DM9102) DAVICOM 9102(A) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS (CNet Technology, Inc. )
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys (Conexant Systems)
DRV - (SpeakerPhone) -- C:\WINDOWS\system32\drivers\spkpnt.sys (Conexant Systems)
DRV - (K56) -- C:\WINDOWS\system32\drivers\k56nt.sys (Conexant Systems)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\fsksnt.sys (Conexant Systems)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\faxnt.sys (Conexant Systems)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\tonesnt.sys (Conexant Systems)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\fallback.sys (Conexant Systems)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\basic2.sys (Conexant Systems)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\rksample.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\v124nt.sys (Conexant Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {971F354F-2244-4EBC-AC08-C552F80C0CC3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{971F354F-2244-4EBC-AC08-C552F80C0CC3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\..\SearchScopes,DefaultScope = {971F354F-2244-4EBC-AC08-C552F80C0CC3}
IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\..\SearchScopes\{971F354F-2244-4EBC-AC08-C552F80C0CC3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS468
IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\..\SearchScopes\{BAC665F2-5D4B-4704-915B-53D686FF280F}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-790525478-179605362-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/27 15:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/02/27 15:34:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/13 21:00:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKU\S-1-5-21-790525478-179605362-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-790525478-179605362-1417001333-1003..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-179605362-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-179605362-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-179605362-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-179605362-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289532921890 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8708423-57E4-4AC4-B837-C488E8851312}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/11 22:23:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 23:16:10 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2012/05/19 20:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/19 20:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/19 20:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/05/17 22:56:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/17 14:25:41 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/05/17 14:24:31 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/05/15 16:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2012/05/14 20:52:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/14 20:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Desktop\5261 W. Jarvis Ave
[2012/05/13 23:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Desktop\Fixing Computer
[2012/05/13 23:11:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/13 20:39:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/13 20:35:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/13 20:35:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/13 20:35:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/13 20:35:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/13 20:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/13 20:28:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/20 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 23:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 23:16:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2012/05/19 22:16:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 20:54:00 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/19 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/05/19 14:34:10 | 000,505,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/19 14:34:10 | 000,089,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 14:32:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/19 14:30:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/19 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/05/19 13:25:37 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/19 13:15:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 13:15:23 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 01:11:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 16:28:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/18 10:23:46 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/17 23:21:43 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/16 20:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/15 16:47:40 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Continue Video Performer installation.lnk
[2012/05/13 21:00:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/13 20:39:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 16:17:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Alan\defogger_reenable
[2012/05/11 21:17:44 | 000,114,593 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Mar Melis-SBS.html
[2012/05/08 10:10:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/28 14:33:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/20 20:19:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 20:54:00 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/19 01:13:34 | 000,159,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/18 10:34:34 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/17 23:21:36 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/17 14:24:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/17 14:24:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/05/15 16:47:40 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Continue Video Performer installation.lnk
[2012/05/13 20:39:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/13 20:39:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/13 20:35:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/13 20:35:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/13 20:35:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/13 20:35:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/13 20:35:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/12 16:17:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Alan\defogger_reenable
[2012/05/11 21:17:33 | 000,114,593 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Mar Melis-SBS.html
[2012/04/20 20:19:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/01/04 12:50:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/04 12:50:23 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/04 12:50:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/06/08 13:34:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7340.DAT
[2010/12/04 16:07:35 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/25 16:15:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/22 15:46:27 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/11/13 18:44:10 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2010/11/13 15:47:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/11 22:29:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 22:17:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/11 17:08:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/11 17:05:18 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

#15 gringo_pr

Posted 19 May 2012 - 11:54 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    MOD - C:\WINDOWS\system32\EasyHook32.dll ()
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



