Slow computer/malware disabling internet


  • This topic is locked
12 replies to this topic

#1 Himemiya


Posted 21 May 2012 - 06:24 PM

Hi,

My computer is running abnormally slow and my internet will disconnect after the computer has been on for maybe 10 minutes. (all other computers work so it is not a connection related problem)

I have run AVG, MalwareBytes, SAS, aswMBR, and ESET and they aren't picking up anything. However, TDSSKiller will find a "suspicious object" titled Rootkit.Win32.BackBoot.gen but fails to remove it.

Any help would be greatly appreciated!!


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 15:52:31 on 2012-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.211 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [D-Link RangeBooster G WUA-2340] c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253235873203
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw2k.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A44BBE8E-2550-4CD2-A120-12B966207F14} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2009-10-5 386784]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-10-5 57440]
S2 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-31 167264]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\rangebooster g wua-2340\jswutil\jswpsapi.exe [2009-10-5 356434]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-10-6 15656]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-10-6 2789160]
.
=============== Created Last 30 ================
.
2012-05-14 03:56:31 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d1db79cf-7f83-49ad-9e4d-76ef0bcb5e19}\mpengine.dll
.
==================== Find3M ====================
.
2012-04-19 22:15:23 98992 ----a-w- c:\windows\system32\drivers\87519833.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:53:35.60 ===============



#2 etavares

  • Malware Response Team

Posted 26 May 2012 - 05:28 AM

Hello, Himemiya.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1


Please delete your copy of TDSS Killer and download an updated copy following the instructions below. It may be updated to remove this variant; if not, at least I'll be able to see what it is finding.

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue.
  • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
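
An added example, not part of the original posts and not the scanner vendor's code: a small Python triage of a TDSSKiller log such as the one Step 1 asks for, using the line layout visible in the TDSSKiller log posted in this topic. The `examplesvc` entry, its all-zero hash and the `suspicious` verdict word are constructed placeholders; the script simply reports every verdict other than `ok` for review.

```python
import re

# Constructed sample. The first entries copy the layout (and values) of lines
# posted in this topic: "<time> <thread id> <service> (<md5>) <image path>",
# followed by "<time> <thread id> <service> - <verdict>".
# "examplesvc", its hash and the word "suspicious" are constructed placeholders.
SAMPLE_LOG = r"""
11:04:46.0875 3376 Scan started
11:04:46.0875 3376 Mode: Manual;
11:04:48.0140 3376 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:04:48.0140 3376 !SASCORE - ok
11:04:48.0578 3376 Abiosdsk - ok
11:04:49.0343 3376 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:04:49.0343 3376 Apple Mobile Device - ok
11:05:10.0000 3376 examplesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplesvc.sys
11:05:10.0000 3376 examplesvc - suspicious
"""

# Timestamp and thread id prefix shared by every log line.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<service> (<32 hex digit md5>) <path>"; service names may contain spaces.
IMAGE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$", re.I)
# "<service> - <verdict>"; the verdict is a single word at the end of the line.
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")


def parse_log(text):
    """Pair each image line with its verdict line; return one dict per service."""
    entries = []
    pending = {}  # service name -> (md5, path), waiting for the verdict line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators without a body, foreign text
        body = m.group("body").strip()
        img = IMAGE.match(body)
        if img:
            pending[img.group("name")] = (img.group("md5").lower(), img.group("path"))
            continue
        ver = VERDICT.match(body)
        if ver:
            md5, path = pending.pop(ver.group("name"), (None, None))
            entries.append({
                "name": ver.group("name"),
                "md5": md5,
                "path": path,
                "verdict": ver.group("verdict").lower(),
            })
    # A log that was cut off can leave image lines with no verdict; keep them visible.
    for name, (md5, path) in pending.items():
        entries.append({"name": name, "md5": md5, "path": path, "verdict": "missing"})
    return entries


def needs_review(entries):
    """Entries whose verdict is anything other than 'ok' (including 'missing')."""
    return [e for e in entries if e["verdict"] != "ok"]


def without_image(entries):
    """Service names that were listed with a verdict but no hashed image file."""
    return [e["name"] for e in entries if e["md5"] is None]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} services parsed")
    for e in needs_review(parsed):
        print(f"REVIEW  {e['name']}  verdict={e['verdict']}  md5={e['md5']}  {e['path']}")
    print("no image on disk:", ", ".join(without_image(parsed)) or "none")
```

Header lines such as `Scan started` or the drive geometry line match neither pattern and are skipped, so a full log can be passed in unchanged.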
 


#3 Himemiya

  • Topic Starter

Posted 26 May 2012 - 11:08 AM

Thank you so much for your help. I ran the scan but it didn't pick up anything. The computer is still running extremely slow and will still disconnect me from the internet.

11:04:43.0187 3428 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:04:43.0484 3428 ============================================================
11:04:43.0484 3428 Current date / time: 2012/05/26 11:04:43.0484
11:04:43.0484 3428 SystemInfo:
11:04:43.0484 3428
11:04:43.0484 3428 OS Version: 5.1.2600 ServicePack: 3.0
11:04:43.0484 3428 Product type: Workstation
11:04:43.0484 3428 ComputerName: DELL-D999CB1682
11:04:43.0484 3428 UserName: Dell
11:04:43.0484 3428 Windows directory: C:\WINDOWS
11:04:43.0484 3428 System windows directory: C:\WINDOWS
11:04:43.0484 3428 Processor architecture: Intel x86
11:04:43.0484 3428 Number of processors: 2
11:04:43.0484 3428 Page size: 0x1000
11:04:43.0484 3428 Boot type: Normal boot
11:04:43.0484 3428 ============================================================
11:04:45.0593 3428 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:04:45.0593 3428 ============================================================
11:04:45.0593 3428 \Device\Harddisk0\DR0:
11:04:45.0593 3428 MBR partitions:
11:04:45.0593 3428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x94E7137
11:04:45.0593 3428 ============================================================
11:04:45.0656 3428 C: <-> \Device\Harddisk0\DR0\Partition0
11:04:45.0656 3428 ============================================================
11:04:45.0656 3428 Initialize success
11:04:45.0656 3428 ============================================================
11:04:46.0875 3376 ============================================================
11:04:46.0875 3376 Scan started
11:04:46.0875 3376 Mode: Manual;
11:04:46.0875 3376 ============================================================
11:04:48.0140 3376 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:04:48.0140 3376 !SASCORE - ok
11:04:48.0562 3376 A5AGU (304d8a51672c760f5d92d73652e8fbfc) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
11:04:48.0578 3376 A5AGU - ok
11:04:48.0578 3376 Abiosdsk - ok
11:04:48.0578 3376 abp480n5 - ok
11:04:48.0687 3376 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:04:48.0687 3376 ACPI - ok
11:04:48.0734 3376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:04:48.0734 3376 ACPIEC - ok
11:04:48.0859 3376 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
11:04:48.0859 3376 AdobeActiveFileMonitor6.0 - ok
11:04:48.0859 3376 adpu160m - ok
11:04:48.0906 3376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:04:48.0906 3376 aec - ok
11:04:49.0015 3376 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:04:49.0015 3376 AFD - ok
11:04:49.0031 3376 Aha154x - ok
11:04:49.0031 3376 aic78u2 - ok
11:04:49.0031 3376 aic78xx - ok
11:04:49.0078 3376 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:04:49.0078 3376 Alerter - ok
11:04:49.0109 3376 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:04:49.0109 3376 ALG - ok
11:04:49.0109 3376 AliIde - ok
11:04:49.0125 3376 amsint - ok
11:04:49.0171 3376 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
11:04:49.0171 3376 ANIO - ok
11:04:49.0250 3376 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
11:04:49.0250 3376 ANIWZCSdService - ok
11:04:49.0343 3376 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:04:49.0343 3376 Apple Mobile Device - ok
11:04:49.0343 3376 AppMgmt - ok
11:04:49.0359 3376 asc - ok
11:04:49.0359 3376 asc3350p - ok
11:04:49.0359 3376 asc3550 - ok
11:04:49.0578 3376 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:04:49.0578 3376 aspnet_state - ok
11:04:49.0609 3376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:04:49.0609 3376 AsyncMac - ok
11:04:49.0671 3376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:04:49.0671 3376 atapi - ok
11:04:49.0687 3376 Atdisk - ok
11:04:49.0703 3376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:04:49.0703 3376 Atmarpc - ok
11:04:49.0765 3376 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:04:49.0765 3376 AudioSrv - ok
11:04:49.0828 3376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:04:49.0828 3376 audstub - ok
11:04:50.0078 3376 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
11:04:50.0078 3376 AVG Security Toolbar Service - ok
11:04:53.0437 3376 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11:04:53.0484 3376 AVGIDSAgent - ok
11:04:53.0953 3376 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
11:04:53.0953 3376 AVGIDSDriver - ok
11:04:54.0031 3376 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
11:04:54.0046 3376 AVGIDSEH - ok
11:04:54.0125 3376 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
11:04:54.0125 3376 AVGIDSFilter - ok
11:04:54.0203 3376 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
11:04:54.0203 3376 AVGIDSShim - ok
11:04:54.0343 3376 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:04:54.0343 3376 Avgldx86 - ok
11:04:54.0390 3376 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:04:54.0390 3376 Avgmfx86 - ok
11:04:54.0437 3376 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:04:54.0437 3376 Avgrkx86 - ok
11:04:54.0703 3376 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:04:54.0703 3376 Avgtdix - ok
11:04:54.0921 3376 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
11:04:54.0921 3376 avgwd - ok
11:04:54.0953 3376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:04:54.0953 3376 Beep - ok
11:04:55.0171 3376 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:04:55.0171 3376 BITS - ok
11:04:55.0343 3376 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
11:04:55.0343 3376 Bonjour Service - ok
11:04:55.0421 3376 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:04:55.0421 3376 Browser - ok
11:04:55.0484 3376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:04:55.0484 3376 cbidf2k - ok
11:04:55.0515 3376 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:04:55.0515 3376 CCDECODE - ok
11:04:55.0515 3376 cd20xrnt - ok
11:04:55.0546 3376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:04:55.0546 3376 Cdaudio - ok
11:04:55.0718 3376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:04:55.0718 3376 Cdfs - ok
11:04:55.0750 3376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:04:55.0750 3376 Cdrom - ok
11:04:55.0765 3376 Changer - ok
11:04:55.0812 3376 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:04:55.0812 3376 CiSvc - ok
11:04:55.0875 3376 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:04:55.0875 3376 ClipSrv - ok
11:04:56.0078 3376 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:04:56.0093 3376 clr_optimization_v2.0.50727_32 - ok
11:04:56.0093 3376 CmdIde - ok
11:04:56.0093 3376 COMSysApp - ok
11:04:56.0109 3376 Cpqarray - ok
11:04:56.0140 3376 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:04:56.0140 3376 CryptSvc - ok
11:04:56.0156 3376 dac2w2k - ok
11:04:56.0156 3376 dac960nt - ok
11:04:56.0312 3376 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:04:56.0312 3376 DcomLaunch - ok
11:04:56.0406 3376 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:04:56.0406 3376 Dhcp - ok
11:04:56.0468 3376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:04:56.0468 3376 Disk - ok
11:04:56.0468 3376 dmadmin - ok
11:04:56.0843 3376 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:04:56.0859 3376 dmboot - ok
11:04:56.0921 3376 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:04:56.0921 3376 dmio - ok
11:04:56.0953 3376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:04:56.0953 3376 dmload - ok
11:04:57.0000 3376 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:04:57.0000 3376 dmserver - ok
11:04:57.0078 3376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:04:57.0093 3376 DMusic - ok
11:04:57.0140 3376 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:04:57.0140 3376 Dnscache - ok
11:04:57.0312 3376 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:04:57.0312 3376 Dot3svc - ok
11:04:57.0312 3376 dpti2o - ok
11:04:57.0343 3376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:04:57.0343 3376 drmkaud - ok
11:04:57.0468 3376 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:04:57.0468 3376 e1express - ok
11:04:57.0531 3376 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:04:57.0531 3376 EapHost - ok
11:04:57.0703 3376 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:04:57.0703 3376 ERSvc - ok
11:04:57.0750 3376 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:04:57.0750 3376 Eventlog - ok
11:04:57.0859 3376 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:04:57.0859 3376 EventSystem - ok
11:04:57.0921 3376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:04:57.0921 3376 Fastfat - ok
11:04:57.0984 3376 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:04:57.0984 3376 FastUserSwitchingCompatibility - ok
11:04:58.0000 3376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:04:58.0000 3376 Fdc - ok
11:04:58.0046 3376 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:04:58.0062 3376 Fips - ok
11:04:58.0375 3376 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:04:58.0375 3376 FLEXnet Licensing Service - ok
11:04:58.0390 3376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:04:58.0390 3376 Flpydisk - ok
11:04:58.0484 3376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:04:58.0484 3376 FltMgr - ok
11:04:58.0781 3376 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:04:58.0781 3376 FontCache3.0.0.0 - ok
11:04:58.0828 3376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:04:58.0828 3376 Fs_Rec - ok
11:04:58.0890 3376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:04:58.0890 3376 Ftdisk - ok
11:04:58.0937 3376 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:04:58.0937 3376 GEARAspiWDM - ok
11:04:58.0953 3376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:04:58.0953 3376 Gpc - ok
11:04:59.0015 3376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:04:59.0015 3376 HDAudBus - ok
11:04:59.0187 3376 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:04:59.0187 3376 helpsvc - ok
11:04:59.0218 3376 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:04:59.0218 3376 HidServ - ok
11:04:59.0234 3376 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:04:59.0234 3376 hidusb - ok
11:04:59.0281 3376 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:04:59.0281 3376 hkmsvc - ok
11:04:59.0281 3376 hpn - ok
11:04:59.0343 3376 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:04:59.0343 3376 HPZid412 - ok
11:04:59.0375 3376 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:04:59.0375 3376 HPZipr12 - ok
11:04:59.0390 3376 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:04:59.0390 3376 HPZius12 - ok
11:04:59.0531 3376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:04:59.0531 3376 HTTP - ok
11:04:59.0703 3376 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:04:59.0703 3376 HTTPFilter - ok
11:04:59.0703 3376 i2omgmt - ok
11:04:59.0703 3376 i2omp - ok
11:04:59.0734 3376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
11:04:59.0734 3376 i8042prt - ok
11:05:01.0828 3376 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:05:01.0859 3376 ialm - ok
11:05:02.0390 3376 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:05:02.0390 3376 idsvc - ok
11:05:02.0640 3376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:05:02.0640 3376 Imapi - ok
11:05:02.0734 3376 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:05:02.0750 3376 ImapiService - ok
11:05:02.0750 3376 ini910u - ok
11:05:04.0218 3376 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:05:04.0250 3376 IntcAzAudAddService - ok
11:05:04.0468 3376 IntelIde - ok
11:05:04.0531 3376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:05:04.0531 3376 intelppm - ok
11:05:04.0562 3376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:05:04.0562 3376 Ip6Fw - ok
11:05:04.0640 3376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:05:04.0640 3376 IpFilterDriver - ok
11:05:04.0656 3376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:05:04.0656 3376 IpInIp - ok
11:05:04.0718 3376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:05:04.0718 3376 IpNat - ok
11:05:05.0109 3376 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe
11:05:05.0109 3376 iPod Service - ok
11:05:05.0140 3376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:05:05.0140 3376 IPSec - ok
11:05:05.0203 3376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:05:05.0203 3376 IRENUM - ok
11:05:05.0234 3376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:05:05.0250 3376 isapnp - ok
11:05:05.0375 3376 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
11:05:05.0375 3376 JavaQuickStarterService - ok
11:05:05.0593 3376 jswpsapi (40cbc82e0080eccc227399e503c05504) C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
11:05:05.0593 3376 jswpsapi - ok
11:05:05.0671 3376 JSWSCIMD (335a35f4c6c3eee724201eafcd6ffc46) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
11:05:05.0671 3376 JSWSCIMD - ok
11:05:05.0687 3376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:05:05.0687 3376 Kbdclass - ok
11:05:20.0109 3376 ============================================================
11:05:20.0109 3376 Scan finished
11:05:20.0109 3376 ============================================================
11:05:20.0125 0972 Detected object count: 0
11:05:20.0125 0972 Actual detected object count: 0

#4 etavares (Malware Response Team)

Posted 27 May 2012 - 05:28 AM

Hello, Himemiya.


Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Himemiya

Posted 27 May 2012 - 07:07 PM

When I tried to run ComboFix everything seemed to be running fine until it got to the "Deleting Folders" Stage. It froze after it listed that it was deleting folders from "C:\WINDOWS\system32\Cache". It has been stuck there for several hours and I wanted to check to see if I should just manually restart the computer or not. Thanks!

#6 etavares

Posted 28 May 2012 - 10:38 AM

You can kill it...it shouldn't take that long. Please look for C:\combofix.txt and post it if it is there.




#7 Himemiya

Posted 28 May 2012 - 10:52 AM

Tried it again and it worked this time. The internet disconnecting problem seems to have stopped but the computer is still lagging. When I restart the computer it seems to freeze up once it gets to the Windows startup screen and takes a long time to load now.

I have attached the logs of both scans. Thank you!

#8 etavares

Posted 29 May 2012 - 07:45 PM

Hi Himemiya,

Sorry for the delay...the time I can spend researching and helping others switches on work days versus weekends and holidays.

Nothing really untoward in those logs. It looks like TDSSKiller or your antivirus removed it. With that...when you boot into Safe Mode, does it load instantly or hang at that point?




#9 Himemiya

Posted 30 May 2012 - 12:20 AM

No worries about the delay. I really appreciate your help. When I boot into Safe Mode it loads instantly. When I try to start up in normal mode it takes a good 10 minutes and it didn't start doing this until a couple of weeks ago. It used to load instantly.

#10 etavares

Posted 30 May 2012 - 07:32 PM

OK, let's diagnose it.

  • Click Start -> Run and type msconfig, and then click OK.
  • In the dialog box that opens, click the General tab, and then click Selective Startup.
  • Click to clear the Process SYSTEM.INI File check box.
  • Click to clear the Process WIN.INI File check box.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When prompted, click Restart to restart the computer.
  • Reboot into Windows. Pay attention....does it boot up right away, or is it still slow?
  • You should receive a message that the startup was modified. Select the option to launch the System Configuration Utility then click OK. It should launch the same screen as the first step above. If not, follow the first step to open it.
  • Only do these sub-bullet points if it still took 10 minutes to boot even after disabling those items:
    • Click the General tab, click to clear the Load System Services check box, and then click OK.
    • When you are prompted, click Restart to restart the computer. During the restart, see if it boots much faster or still takes 10 minutes.
  • If the first step booted quickly, or after doing the subsection above if needed, follow these instructions to restore it back for now.
    • Click the General tab, click Normal Startup - load all device drivers and services, and then click OK.
    • When you are prompted, click Restart to restart the computer. It will boot slow, but we can then narrow it down.

Reply back and let me know if the first steps booted quicker, if you had to do the subsection because the first part didn't improve boot time and confirm that you restored it back to normal startup.

Based on your answers, that will tell us where to focus to find the culprit.

Edited by etavares, 30 May 2012 - 07:33 PM.




#11 Himemiya

Posted 30 May 2012 - 10:44 PM

With the first boot it still took a long time to load and when I had to do the subsection everything loaded much faster.

#12 etavares

Posted 31 May 2012 - 07:57 PM

Hello, Himemiya.

OK, with that, we'll start by looking for patched drivers.

Step 1

Try this please. You will need a blank USB flash drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

etavares




#13 etavares

Posted 30 June 2012 - 08:04 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

