XP Home sp3 can't update/scan w/ MSSE or MBAM


16 replies to this topic

#1 Darkwood


Posted 18 May 2012 - 02:38 PM

Hi,

This computer won't scan (wouldn't run regedit or msconfig or taskmanager - now fixed). I took the drive out & mounted it in another computer & loaded registry hives. I removed a bunch of random name .exe files in the HKLM\software\microsoft\windows\currentversion\run & runonce that were located in the \windows\system32 directory. I then right-clicked & scanned with both MBAM pro & MSSecurity Essentials. It found a problem in Firefox, but that's all.

Back in the other computer, these programs time-out on update. I ran Hitman Pro but it didn't find anything. The computer re-starts during MBAM scans.
Since I deleted the reg entries, I can run regedit, & msconfig, but there is still an infection.

Thanks so much (in advance) for your help. This is a GREAT resource.

Mike



#2 narenxp


Posted 18 May 2012 - 04:54 PM

Boot the PC into Safe Mode with Networking.

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#3 Darkwood


Posted 18 May 2012 - 05:23 PM

Comp won't start in safe mode. Goes through the list of drivers & re-starts. Tried running TDSSKiller in normal mode, it found 4 threats, then hung.

15:04:07.0718 1752 swmidi - ok
15:04:07.0734 1752 SwPrv - ok
15:04:07.0750 1752 symc810 - ok
15:04:07.0765 1752 symc8xx - ok
15:04:07.0781 1752 sym_hi - ok
15:04:07.0781 1752 sym_u3 - ok
15:04:07.0843 1752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:04:07.0843 1752 sysaudio - ok
15:04:07.0906 1752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:04:07.0906 1752 SysmonLog - ok
15:04:07.0953 1752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:04:07.0953 1752 TapiSrv - ok
15:04:08.0015 1752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:04:08.0031 1752 Tcpip - ok
15:04:08.0078 1752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:04:08.0093 1752 TDPIPE - ok
15:04:08.0140 1752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:04:08.0140 1752 TDTCP - ok
15:04:08.0203 1752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:04:08.0203 1752 TermDD - ok
15:04:08.0234 1752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:04:08.0250 1752 TermService - ok
15:04:08.0296 1752 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:04:08.0312 1752 Themes - ok
15:04:08.0328 1752 TosIde - ok
15:04:08.0421 1752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:04:08.0421 1752 TrkWks - ok
15:04:08.0515 1752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:04:08.0515 1752 Udfs - ok
15:04:08.0515 1752 ultra - ok
15:04:08.0593 1752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:04:08.0609 1752 Update - ok
15:04:08.0671 1752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:04:08.0687 1752 upnphost - ok
15:04:08.0734 1752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:04:08.0734 1752 UPS - ok
15:04:08.0796 1752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:04:08.0796 1752 USBAAPL - ok
15:04:08.0843 1752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:04:08.0859 1752 usbaudio - ok
15:04:08.0906 1752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:04:08.0906 1752 usbccgp - ok
15:04:08.0953 1752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:04:08.0953 1752 usbehci - ok
15:04:09.0000 1752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:04:09.0000 1752 usbhub - ok
15:04:09.0031 1752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:04:09.0031 1752 usbohci - ok
15:04:09.0078 1752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:04:09.0093 1752 usbprint - ok
15:04:09.0156 1752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:04:09.0156 1752 usbscan - ok
15:04:09.0234 1752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:04:09.0234 1752 USBSTOR - ok
15:04:09.0296 1752 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:04:09.0296 1752 usbvideo - ok
15:04:09.0343 1752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:04:09.0343 1752 VgaSave - ok
15:04:09.0359 1752 ViaIde - ok
15:04:09.0421 1752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:04:09.0421 1752 VolSnap - ok
15:04:09.0484 1752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:04:09.0500 1752 VSS - ok
15:04:09.0546 1752 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:04:09.0562 1752 W32Time - ok
15:04:09.0609 1752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:04:09.0609 1752 Wanarp - ok
15:04:09.0625 1752 WDICA - ok
15:04:09.0671 1752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:04:09.0687 1752 wdmaud - ok
15:04:09.0734 1752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:04:09.0734 1752 WebClient - ok
15:04:09.0828 1752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:04:09.0843 1752 winmgmt - ok
15:04:09.0906 1752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:04:09.0921 1752 WmdmPmSN - ok
15:04:09.0968 1752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:04:09.0984 1752 WmiApSrv - ok
15:04:10.0125 1752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:04:10.0156 1752 WMPNetworkSvc - ok
15:04:10.0203 1752 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:04:10.0218 1752 wscsvc - ok
15:04:10.0281 1752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:04:10.0281 1752 WSTCODEC - ok
15:04:10.0343 1752 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:04:10.0343 1752 wuauserv - ok
15:04:10.0406 1752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:04:10.0406 1752 WudfPf - ok
15:04:10.0421 1752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:04:10.0437 1752 WudfRd - ok
15:04:10.0468 1752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:04:10.0484 1752 WudfSvc - ok
15:04:10.0546 1752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:04:10.0578 1752 WZCSVC - ok
15:04:10.0625 1752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:04:10.0656 1752 xmlprov - ok
15:04:10.0703 1752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:04:11.0203 1752 \Device\Harddisk0\DR0 - ok
15:04:11.0218 1752 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
15:04:11.0687 1752 \Device\Harddisk1\DR2 - ok
15:04:11.0718 1752 Boot (0x1200) (08ee772c61b9e053912b71c9147f4a56) \Device\Harddisk0\DR0\Partition0
15:04:11.0718 1752 \Device\Harddisk0\DR0\Partition0 - ok
15:04:11.0734 1752 Boot (0x1200) (6b45c2e0e7f032ff572fc7a4804192a0) \Device\Harddisk1\DR2\Partition0
15:04:11.0734 1752 \Device\Harddisk1\DR2\Partition0 - ok
15:04:11.0750 1752 ============================================================
15:04:11.0750 1752 Scan finished
15:04:11.0750 1752 ============================================================
15:04:11.0765 0548 Detected object count: 4
15:04:11.0765 0548 Actual detected object count: 4


ESET scanner wouldn't finish the download - Unexpected error 2002. Remember, this is not safe mode...
[edit] Tried running eset again & it is scanning now.

[edit 2]

:\Documents and Settings\Robyn\Application Data\BCCBA411A8547AA744030D8826EC8662\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Robyn\Application Data\BCCBA411A8547AA744030D8826EC8662\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Robyn\Application Data\Mozilla\Firefox\Profiles\dezk9jia.default\extensions\{411315f7-4dc1-4806-ae59-26ee8d91d458}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

[edit 3]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 16:10:09
-----------------------------
16:10:09.593 OS Version: Windows 5.1.2600 Service Pack 3
16:10:09.593 Number of processors: 1 586 0x2F02
16:10:09.593 ComputerName: COMQRAP UserName: Robyn
16:10:12.562 Initialize success
16:13:48.843 AVAST engine defs: 12051801
16:13:57.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
16:13:57.468 Disk 0 Vendor: ST3120213AS 3.AHH Size: 114473MB BusType: 3
16:13:57.500 Disk 0 MBR read successfully
16:13:57.500 Disk 0 MBR scan
16:13:57.515 Disk 0 Windows XP default MBR code
16:13:57.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
16:13:57.531 Disk 0 scanning sectors +234420480
16:13:57.656 Disk 0 scanning C:\WINDOWS\system32\drivers
16:14:17.312 Service scanning
16:14:49.234 Modules scanning
16:15:03.687 Disk 0 trace - called modules:
16:15:03.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:15:03.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f7cab8]
16:15:04.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000063[0x88df02c8]
16:15:04.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x88ee5940]
16:15:04.656 AVAST engine scan C:\WINDOWS
16:15:21.421 AVAST engine scan C:\WINDOWS\system32
16:20:15.218 AVAST engine scan C:\WINDOWS\system32\drivers
16:20:48.968 AVAST engine scan C:\Documents and Settings\Robyn
16:52:04.312 AVAST engine scan C:\Documents and Settings\All Users
16:53:37.781 Scan finished successfully
17:24:31.171 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:24:31.187 The log file has been saved successfully to "E:\aswMBR.txt"

Edited by Darkwood, 18 May 2012 - 07:26 PM.


#4 narenxp

Posted 18 May 2012 - 06:01 PM

Do not change the default options of scan results in TDSSkiller.

Run TDSSkiller once again and post the log

#5 Darkwood

Posted 19 May 2012 - 10:20 AM

Scan ran clean, but still won't start in safe mode...

Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You Thank You

08:15:50.0875 2056 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
08:15:52.0906 2056 ============================================================
08:15:52.0906 2056 Current date / time: 2012/05/19 08:15:52.0906
08:15:52.0906 2056 SystemInfo:
08:15:52.0906 2056
08:15:52.0921 2056 OS Version: 5.1.2600 ServicePack: 3.0
08:15:52.0921 2056 Product type: Workstation
08:15:52.0921 2056 ComputerName: COMQRAP
08:15:52.0921 2056 UserName: Robyn
08:15:52.0921 2056 Windows directory: C:\WINDOWS
08:15:52.0921 2056 System windows directory: C:\WINDOWS
08:15:52.0921 2056 Processor architecture: Intel x86
08:15:52.0921 2056 Number of processors: 1
08:15:52.0921 2056 Page size: 0x1000
08:15:52.0921 2056 Boot type: Normal boot
08:15:52.0921 2056 ============================================================
08:15:58.0859 2056 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:15:58.0937 2056 Drive \Device\Harddisk1\DR2 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:15:58.0937 2056 ============================================================
08:15:58.0937 2056 \Device\Harddisk0\DR0:
08:15:58.0953 2056 MBR partitions:
08:15:58.0953 2056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
08:15:58.0953 2056 \Device\Harddisk1\DR2:
08:15:58.0953 2056 MBR partitions:
08:15:58.0953 2056 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
08:15:58.0953 2056 ============================================================
08:15:59.0000 2056 C: <-> \Device\Harddisk0\DR0\Partition0
08:15:59.0000 2056 ============================================================
08:15:59.0000 2056 Initialize success
08:15:59.0000 2056 ============================================================
08:16:09.0437 3076 ============================================================
08:16:09.0437 3076 Scan started
08:16:09.0437 3076 Mode: Manual;
08:16:09.0437 3076 ============================================================
08:16:32.0312 3076 NtmsSvc - ok
08:16:32.0406 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:16:32.0484 3076 Null - ok
08:16:34.0671 3076 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:16:35.0906 3076 nv - ok
08:16:36.0843 3076 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:16:36.0875 3076 NVENETFD - ok
08:16:37.0000 3076 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:16:37.0031 3076 nvnetbus - ok
08:16:37.0453 3076 NVSvc (b0903c021bfcd6055c053a569ef98aef) C:\WINDOWS\system32\nvsvc32.exe
08:16:37.0453 3076 NVSvc - ok
08:16:37.0625 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:16:37.0640 3076 NwlnkFlt - ok
08:16:37.0906 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:16:37.0937 3076 NwlnkFwd - ok
08:16:38.0046 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:16:38.0046 3076 Parport - ok
08:16:38.0109 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:16:38.0140 3076 PartMgr - ok
08:16:38.0296 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:16:38.0328 3076 ParVdm - ok
08:16:38.0593 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:16:38.0687 3076 PCI - ok
08:16:38.0703 3076 PCIDump - ok
08:16:38.0781 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:16:38.0796 3076 PCIIde - ok
08:16:39.0406 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:16:39.0437 3076 Pcmcia - ok
08:16:39.0453 3076 PDCOMP - ok
08:16:39.0468 3076 PDFRAME - ok
08:16:39.0484 3076 PDRELI - ok
08:16:39.0500 3076 PDRFRAME - ok
08:16:39.0515 3076 perc2 - ok
08:16:39.0531 3076 perc2hib - ok
08:16:40.0140 3076 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:16:40.0140 3076 PlugPlay - ok
08:16:40.0218 3076 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:16:40.0234 3076 PolicyAgent - ok
08:16:40.0562 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:16:40.0609 3076 PptpMiniport - ok
08:16:40.0812 3076 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:16:40.0890 3076 Processor - ok
08:16:40.0906 3076 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:16:40.0906 3076 ProtectedStorage - ok
08:16:41.0000 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:16:41.0109 3076 PSched - ok
08:16:41.0218 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:16:41.0265 3076 Ptilink - ok
08:16:41.0281 3076 ql1080 - ok
08:16:41.0296 3076 Ql10wnt - ok
08:16:41.0312 3076 ql12160 - ok
08:16:41.0328 3076 ql1240 - ok
08:16:41.0343 3076 ql1280 - ok
08:16:41.0390 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:16:41.0421 3076 RasAcd - ok
08:16:41.0468 3076 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:16:41.0500 3076 RasAuto - ok
08:16:41.0546 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:16:41.0578 3076 Rasl2tp - ok
08:16:41.0609 3076 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:16:41.0609 3076 RasMan - ok
08:16:41.0640 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:16:41.0656 3076 RasPppoe - ok
08:16:41.0718 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:16:41.0750 3076 Raspti - ok
08:16:42.0421 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:16:42.0562 3076 Rdbss - ok
08:16:42.0593 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:16:42.0609 3076 RDPCDD - ok
08:16:43.0359 3076 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:16:43.0421 3076 RDPWD - ok
08:16:43.0578 3076 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:16:43.0609 3076 RDSessMgr - ok
08:16:43.0640 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:16:43.0671 3076 redbook - ok
08:16:43.0765 3076 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:16:43.0796 3076 RemoteAccess - ok
08:16:43.0875 3076 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:16:43.0890 3076 RpcLocator - ok
08:16:44.0000 3076 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:16:44.0000 3076 RpcSs - ok
08:16:44.0140 3076 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:16:44.0187 3076 RSVP - ok
08:16:44.0250 3076 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:16:44.0250 3076 SamSs - ok
08:16:44.0421 3076 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:16:44.0453 3076 SCardSvr - ok
08:16:44.0500 3076 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:16:44.0515 3076 Schedule - ok
08:16:44.0640 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:16:44.0640 3076 Secdrv - ok
08:16:44.0718 3076 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:16:44.0718 3076 seclogon - ok
08:16:44.0734 3076 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:16:44.0750 3076 SENS - ok
08:16:44.0796 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:16:44.0812 3076 Serial - ok
08:16:44.0890 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:16:44.0906 3076 Sfloppy - ok
08:16:45.0031 3076 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:16:45.0031 3076 SharedAccess - ok
08:16:45.0328 3076 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:16:45.0328 3076 ShellHWDetection - ok
08:16:45.0343 3076 Simbad - ok
08:16:45.0562 3076 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
08:16:45.0578 3076 SkypeUpdate - ok
08:16:45.0718 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:16:45.0734 3076 SLIP - ok
08:16:45.0750 3076 Sparrow - ok
08:16:45.0828 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:16:45.0828 3076 splitter - ok
08:16:46.0000 3076 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:16:46.0000 3076 Spooler - ok
08:16:46.0078 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:16:46.0156 3076 sr - ok
08:16:46.0218 3076 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:16:46.0218 3076 srservice - ok
08:16:46.0296 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:16:46.0328 3076 Srv - ok
08:16:46.0406 3076 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:16:46.0406 3076 SSDPSRV - ok
08:16:46.0453 3076 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:16:46.0500 3076 StillCam - ok
08:16:46.0562 3076 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:16:46.0562 3076 stisvc - ok
08:16:46.0640 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:16:46.0671 3076 streamip - ok
08:16:46.0718 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:16:46.0781 3076 swenum - ok
08:16:46.0828 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:16:46.0828 3076 swmidi - ok
08:16:46.0843 3076 SwPrv - ok
08:16:46.0859 3076 symc810 - ok
08:16:46.0875 3076 symc8xx - ok
08:16:46.0890 3076 sym_hi - ok
08:16:46.0906 3076 sym_u3 - ok
08:16:46.0968 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:16:46.0984 3076 sysaudio - ok
08:16:47.0031 3076 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:16:47.0062 3076 SysmonLog - ok
08:16:47.0109 3076 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:16:47.0125 3076 TapiSrv - ok
08:16:47.0187 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:16:47.0234 3076 Tcpip - ok
08:16:47.0281 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:16:47.0296 3076 TDPIPE - ok
08:16:47.0343 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:16:47.0359 3076 TDTCP - ok
08:16:47.0421 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:16:47.0453 3076 TermDD - ok
08:16:47.0500 3076 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:16:47.0500 3076 TermService - ok
08:16:47.0562 3076 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:16:47.0562 3076 Themes - ok
08:16:47.0578 3076 TosIde - ok
08:16:47.0625 3076 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:16:47.0625 3076 TrkWks - ok
08:16:47.0703 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:16:47.0718 3076 Udfs - ok
08:16:47.0734 3076 ultra - ok
08:16:47.0812 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:16:47.0859 3076 Update - ok
08:16:47.0921 3076 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:16:47.0953 3076 upnphost - ok
08:16:48.0015 3076 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:16:48.0031 3076 UPS - ok
08:16:48.0078 3076 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:16:48.0093 3076 USBAAPL - ok
08:16:48.0156 3076 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:16:48.0171 3076 usbaudio - ok
08:16:48.0218 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:16:48.0234 3076 usbccgp - ok
08:16:48.0281 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:16:48.0296 3076 usbehci - ok
08:16:48.0343 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:16:48.0359 3076 usbhub - ok
08:16:48.0390 3076 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:16:48.0406 3076 usbohci - ok
08:16:48.0468 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:16:48.0484 3076 usbprint - ok
08:16:48.0531 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:16:48.0562 3076 usbscan - ok
08:16:48.0640 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:16:48.0640 3076 USBSTOR - ok
08:16:48.0703 3076 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:16:48.0718 3076 usbvideo - ok
08:16:48.0781 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:16:48.0796 3076 VgaSave - ok
08:16:48.0812 3076 ViaIde - ok
08:16:48.0859 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:16:48.0875 3076 VolSnap - ok
08:16:48.0921 3076 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:16:48.0968 3076 VSS - ok
08:16:49.0015 3076 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:16:49.0015 3076 W32Time - ok
08:16:49.0062 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:16:49.0078 3076 Wanarp - ok
08:16:49.0093 3076 WDICA - ok
08:16:49.0140 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:16:49.0140 3076 wdmaud - ok
08:16:49.0187 3076 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:16:49.0187 3076 WebClient - ok
08:16:49.0296 3076 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:16:49.0296 3076 winmgmt - ok
08:16:49.0375 3076 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:16:49.0390 3076 WmdmPmSN - ok
08:16:49.0453 3076 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:16:49.0484 3076 WmiApSrv - ok
08:16:49.0625 3076 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:16:49.0718 3076 WMPNetworkSvc - ok
08:16:49.0781 3076 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:16:49.0781 3076 wscsvc - ok
08:16:49.0859 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:16:49.0859 3076 WSTCODEC - ok
08:16:49.0921 3076 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:16:49.0937 3076 wuauserv - ok
08:16:49.0984 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:16:50.0015 3076 WudfPf - ok
08:16:50.0031 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:16:50.0062 3076 WudfRd - ok
08:16:50.0109 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:16:50.0140 3076 WudfSvc - ok
08:16:50.0203 3076 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:16:50.0218 3076 WZCSVC - ok
08:16:50.0265 3076 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:16:50.0312 3076 xmlprov - ok
08:16:50.0343 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:16:50.0765 3076 \Device\Harddisk0\DR0 - ok
08:16:50.0781 3076 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
08:16:50.0796 3076 \Device\Harddisk1\DR2 - ok
08:16:50.0812 3076 Boot (0x1200) (08ee772c61b9e053912b71c9147f4a56) \Device\Harddisk0\DR0\Partition0
08:16:50.0812 3076 \Device\Harddisk0\DR0\Partition0 - ok
08:16:50.0828 3076 Boot (0x1200) (f30082015d297bfdb0b9e345aa4d7c4b) \Device\Harddisk1\DR2\Partition0
08:16:50.0843 3076 \Device\Harddisk1\DR2\Partition0 - ok
08:16:50.0843 3076 ============================================================
08:16:50.0843 3076 Scan finished
08:16:50.0843 3076 ============================================================
08:16:50.0859 3376 Detected object count: 0
08:16:50.0859 3376 Actual detected object count: 0

#6 narenxp


Posted 19 May 2012 - 10:32 AM

Press Windows+R key and type

cmd and click ok and run this command

chkdsk /r


press ENTER

Click Y to allow chkdsk to be scheduled on the next restart

Restart the PC and allow chkdsk to run. Now try to start the PC in safe mode

good luck

Edited by narenxp, 19 May 2012 - 10:32 AM.


#7 narenxp


Posted 19 May 2012 - 10:43 AM

If chkdsk doesn't work, try this

Download

safeboot repair

Run it, and try to boot into safe mode

good luck

#8 Darkwood


Posted 19 May 2012 - 07:07 PM

I got it to boot in safe mode with networking, then ran the eset scanner again:

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\5\732ba9c5-4fcb95b2 a variant of Java/Agent.DU trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\40f525c9-5200c6f4 a variant of Java/Agent.DU trojan deleted - quarantined

#9 narenxp


Posted 19 May 2012 - 09:08 PM

Boot into normal mode and run ESET online scanner again

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#10 Darkwood


Posted 22 May 2012 - 02:46 PM

All this activity, especially the safe boot repair, seems to have done a number on the file system. I attempted to boot to follow your latest instructions, and the computer hung during an automatic check disk. I removed the drive & ran chkdsk /r on another computer & it found A TON of errors. I replaced the drive in the comp and attempted to boot and got a STOP 0x0E NO_USER_MODE_CONTEXT. I removed the drive & re-mounted it in the other comp (this one btw) to check if the photos etc are ok (they seem to be there). When I re-install it in the other computer, I am now getting:

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000).
The system has been shut down.

#11 narenxp


Posted 22 May 2012 - 10:38 PM

Does this happen in safemode or normal mode?

Do you have your XP OS CD with you?

#12 Darkwood


Posted 22 May 2012 - 11:48 PM

Both modes. Yes I have my cd...

Thanks

#13 narenxp


Posted 23 May 2012 - 01:34 AM

Try to repair using XP CD

http://en.kioskea.net/faq/516-repairing-windows-xp-using-cd-installation

#14 Darkwood


Posted 24 May 2012 - 11:57 AM

OK, I fixed the OS by making a backup of the DLL files in \windows\system32, then copying all the DLLs from a different computer into \windows\system32, then copying the backup I made over top. Works.

Ran MBAM. It found one item, cleaned it, then ran clean after a re-boot.

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> No action taken.

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-24 00:09:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3120213AS rev.3.AHH
Running: u49dftdi.exe; Driver: C:\DOCUME~1\Robyn\LOCALS~1\Temp\kwddqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB5317004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB53170D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB5316D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB5316E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB5316EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB5316F56]

---- Kernel code sections - GMER 1.0.15 ----

? bntgp.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9A6C360, 0x20574D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CONF.©XE@ C:\P?ogram F?les\Net?eeting\?onf.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CONF.©XE@Path C:\P?ogram F?les\Net?eeting;
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HELPCsR.EXE@ ?:\WINDO?S\PCHea?th\Help?tr\Bina?ies\Hel?Ctr.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2481109\File 1@Flags
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2481109\File 1@New File
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2481109\File 1@New Link Date
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2481109\File 1@Old Link Date
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2544893-v2\File 1@Flags
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2544893-v2\File 1@New File
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2544893-v2\File 1@New Link Date
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB2544893-v2\File 1@Old Link Date
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\North Asia East Standard Time\Dynamic DST@FirstEntry 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\North Asia East Standard Time\Dynamic DST@LastEntry 2011
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\North Asia Standard Time\Dynamic DST@FirstEntry 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\North Asia Standard Time\Dynamic DST@LastEntry 2011
Reg HKLM\SOFTWARE\Classes\.vbs\PersistentHandler@ ?5e941d8?-bf96-1?cd-b579?08002b3?bfeb}
Reg HKLM\SOFTWARE\Classes\Interface\{061C6E30-E622-11D2-9493-00C04F72D980}\NumMethods@ 26

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB31264$\216828211 0 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\bckfg.tmp 800 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\cfg.ini 392 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\kwrd.dll 208896 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\L 0 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\L\ofahxunw 75264 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\U 0 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\U\00000002.@ 209920 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB31264$\216828211\U\80000032.@ 71168 bytes
File C:\WINDOWS\$NtUninstallKB31264$\483967303 0 bytes

---- EOF - GMER 1.0.15 ----

FSS:

Farbar Service Scanner Version: 17-05-2012
Ran by Robyn (administrator) on 24-05-2012 at 00:10:47
Running from "C:\Documents and Settings\Robyn\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(12) Gpc(3) IPSec(10) NetBT(11) PSched(7) Tcpip(9)
0x0C0000000A0000000500000001000000020000000300000004000000080000000600000007000000090000000C0000000B000000


**** End of log ****

Mini Toolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Robyn (administrator) on 24-05-2012 at 00:12:04
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [COMQRAP]. Some commands may not be available.


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : comqrap

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-47-02-49

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.191

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Wednesday, May 23, 2012 6:31:52 PM

Lease Expires . . . . . . . . . . : Thursday, May 24, 2012 6:31:52 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.33.41, 173.194.33.32, 173.194.33.37, 173.194.33.35
173.194.33.33, 173.194.33.38, 173.194.33.39, 173.194.33.46, 173.194.33.34
173.194.33.40, 173.194.33.36



Pinging google.com [173.194.33.32] with 32 bytes of data:



Reply from 173.194.33.32: bytes=32 time=31ms TTL=54

Reply from 173.194.33.32: bytes=32 time=33ms TTL=54



Ping statistics for 173.194.33.32:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 33ms, Average = 32ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=68ms TTL=54

Reply from 72.30.38.140: bytes=32 time=54ms TTL=54



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 68ms, Average = 61ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 47 02 49 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.191 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.191 192.168.0.191 20
192.168.0.0 255.255.255.0 192.168.0.191 192.168.0.191 20
192.168.0.191 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.191 192.168.0.191 20
224.0.0.0 240.0.0.0 192.168.0.191 192.168.0.191 20
255.255.255.255 255.255.255.255 192.168.0.191 192.168.0.191 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/23/2012 06:32:11 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/23/2012 03:32:34 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/23/2012 00:14:11 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/23/2012 00:04:12 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/20/2012 11:46:01 AM) (Source: Application Error) (User: )
Description: Fault bucket -1310777763.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/20/2012 11:45:51 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.60.0.80, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011203.
Processing media-specific event for [mbam.exe!ws!]

Error: (05/20/2012 10:37:03 AM) (Source: Application Error) (User: )
Description: Faulting application onlinecmdlinescanner.exe, version 0.0.0.0, faulting module esets_apiw_a.dll, version 3.0.15.0, fault address 0x00004440.
Processing media-specific event for [onlinecmdlinescanner.exe!ws!]

Error: (05/19/2012 03:20:10 PM) (Source: Application Error) (User: )
Description: Faulting application onlinecmdlinescanner.exe, version 0.0.0.0, faulting module esets_apiw_a.dll, version 3.0.15.0, fault address 0x00004440.
Processing media-specific event for [onlinecmdlinescanner.exe!ws!]

Error: (05/19/2012 01:31:15 PM) (Source: Application Error) (User: )
Description: Fault bucket -1372788085.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/19/2012 01:31:05 PM) (Source: Application Error) (User: )
Description: Faulting application mbamservice.exe, version 1.61.0.0, faulting module mbamservice.exe, version 1.61.0.0, fault address 0x00003a2c.
Processing media-specific event for [mbamservice.exe!ws!]


System errors:
=============
Error: (05/23/2012 08:05:06 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (05/20/2012 10:57:33 AM) (Source: 0) (User: )
Description: C:

Error: (05/19/2012 05:05:04 PM) (Source: DCOM) (User: Robyn)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/19/2012 05:05:03 PM) (Source: DCOM) (User: Robyn)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/19/2012 02:38:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdPPM
Avgldx86
Avgmfx86
Fips

Error: (05/19/2012 02:37:19 PM) (Source: DCOM) (User: Robyn)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/19/2012 02:36:57 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/19/2012 01:36:02 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2012 01:30:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86

Error: (05/19/2012 01:30:59 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213657 (0xE001CA19).


Microsoft Office Sessions:
=========================
Error: (05/23/2012 06:32:11 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/23/2012 03:32:34 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/23/2012 00:14:11 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/23/2012 00:04:12 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/20/2012 11:46:01 AM) (Source: Application Error)(User: )
Description: -1310777763

Error: (05/20/2012 11:45:51 AM) (Source: Application Error)(User: )
Description: mbam.exe1.60.0.80ntdll.dll5.1.2600.605500011203

Error: (05/20/2012 10:37:03 AM) (Source: Application Error)(User: )
Description: onlinecmdlinescanner.exe0.0.0.0esets_apiw_a.dll3.0.15.000004440

Error: (05/19/2012 03:20:10 PM) (Source: Application Error)(User: )
Description: onlinecmdlinescanner.exe0.0.0.0esets_apiw_a.dll3.0.15.000004440

Error: (05/19/2012 01:31:15 PM) (Source: Application Error)(User: )
Description: -1372788085

Error: (05/19/2012 01:31:05 PM) (Source: Application Error)(User: )
Description: mbamservice.exe1.61.0.0mbamservice.exe1.61.0.000003a2c


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader 9.4.7 (Version: 9.4.7)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.2176)
Bonjour (Version: 3.0.0.10)
ESET Online Scanner v3
Google Talk Plugin (Version: 2.9.10.7526)
hp psc 700 series
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
LSI PCI-SV92PP Soft Modem (Version: 2.2.98)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
NVIDIA Drivers
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.8 (Version: 5.8.158)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VLC media player 1.1.9 (Version: 1.1.9)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 1214.48 MB
Available physical RAM: 698.89 MB
Total Pagefile: 1748.12 MB
Available Pagefile: 1309.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:43.62 GB) NTFS
3 Drive e: () (Removable) (Total:3.74 GB) (Free:0.89 GB) FAT32

========================= Users: ========================================

User accounts for \\COMQRAP

Administrator Guest HelpAssistant
Robyn SUPPORT_388945a0


**** End of log ****


Thanks for all your help!

#15 narenxp


Posted 24 May 2012 - 12:47 PM

You're infected by ZeroAccess. We need advanced tools.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



