Infected by zero access


This topic is locked
40 replies to this topic

#1 Darkwood
  • Members
  • 29 posts

Posted 24 May 2012 - 05:55 PM

Hi!

I worked with narenxp over in this thread: http://www.bleepingcomputer.com/forums/topic454065.html

He told me what I'm infected with and sent me here for more help.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Robyn at 12:30:17 on 2012-05-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\wuojabxi\fbgvkehy.exe,
BHO: {0b0113e9-b5ec-4b74-b675-9ef64bff2464} - c:\windows\system32\wscui32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [AdobeUpdate] c:\documents and settings\robyn\application data\adobe\adobeupdate\Adobeupdt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264728278759
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1319130247109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F54137C6-B863-49DB-ADA4-B0BD81AE7FB9} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robyn\application data\mozilla\firefox\profiles\dezk9jia.default\
FF - component: c:\documents and settings\robyn\application data\mozilla\firefox\profiles\dezk9jia.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\robyn\application data\mozilla\firefox\profiles\dezk9jia.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\robyn\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\robyn\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\robyn\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-23 19:07:15 -------- d-----w- C:\edd8f0be92cdca469e20d3380b61
2012-05-23 00:09:58 85504 ----a-w- c:\windows\system32\mhn.dll
2012-05-23 00:04:09 -------- d-----w- c:\windows\system32\DLL Backup
2012-05-22 22:27:28 90112 ----a-w- c:\windows\DUMP7ed4.tmp
2012-05-20 19:47:54 -------- d-sh--w- C:\found.001
2012-05-18 22:14:10 -------- d-----w- c:\program files\ESET
2012-05-18 22:03:41 -------- d-----w- C:\45c9d4c7e1f78ebc12546b8f576e
2012-05-18 05:05:38 -------- d-----w- c:\documents and settings\robyn\application data\AVG2012
2012-05-18 05:04:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-18 05:03:13 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-18 05:03:13 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-05-17 23:50:19 -------- d-----w- c:\windows\pss
2012-05-17 22:02:14 3584 ----a-w- c:\windows\system32\regej.exe
2012-05-17 21:53:24 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-17 20:53:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-17 20:52:01 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-12 01:53:07 -------- d-----w- c:\documents and settings\robyn\local settings\application data\PCHealth
2012-05-09 03:11:22 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-03 01:45:43 -------- d-sh--w- c:\documents and settings\robyn\IECompatCache
2012-05-03 00:59:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 16:13:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 16:13:02 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 16:13:02 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-09 03:11:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 17:00:41 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2012-03-19 12:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:30:34.29 ===============


Thanks heaps!!!

Attached files: ark.txt (8.46 KB), attach.txt (11.05 KB)
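The DDS log above carries a Winlogon Userinit value that lists a second executable after userinit.exe. On a clean Windows XP/Vista/7 system that value holds only system32\userinit.exe, so an extra entry there runs at every interactive logon and is one of the first things a malware-removal helper looks at. As an added example that is not part of the original post, here is a small Python triage script that parses pseudo-HJT lines of the kind DDS emits and flags three things: extra Userinit executables (high confidence), BHOs registered without a display name, and Run values that launch from a user-writable profile directory. The sample lines are copied from the log in this post; the regexes, severities and flag wording are this example's own assumptions, and a "review" flag is an indicator to check by hand, not a verdict that the entry is malicious.

```python
import re
from dataclasses import dataclass

# Added triage script, not part of the original post. Parses DDS "Pseudo HJT"
# lines and flags entries a malware-removal helper would look at first.
# Flag names, severities and regexes are this example's own assumptions.


@dataclass
class Finding:
    severity: str   # "high" = almost always malicious; "review" = check manually
    line: str       # the log line that triggered the finding
    reason: str


# mWinlogon: Userinit=<comma-separated executables>
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.I)
# BHO: [<display name>: ]{CLSID} - <dll path>   (display name is absent for some entries)
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9a-f-]{36}\})\s*-\s*(?P<path>.*)$", re.I)
# uRun/mRun/dRun: [<value name>] <command line>
# DDS prefixes: u = current user, m = local machine, d = .DEFAULT user hive.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
# Profile locations an ordinary user can write to without admin rights.
PROFILE_DIR_RE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(application data|local settings|appdata)\\", re.I)


def check_userinit(value):
    """Userinit should contain exactly one entry, system32\\userinit.exe.
    Anything else listed there is executed at every interactive logon."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if not e.lower().endswith(r"\system32\userinit.exe")]


def analyze(lines):
    """Return a list of Finding objects for the suspicious lines in a DDS log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in check_userinit(m.group(1)):
                findings.append(Finding("high", line, f"extra Userinit executable: {extra}"))
            continue
        m = BHO_RE.match(line)
        if m:
            if not m.group("name"):
                findings.append(Finding("review", line,
                                        f"BHO registered without a display name: {m.group('path')}"))
            continue
        m = RUN_RE.match(line)
        if m and PROFILE_DIR_RE.search(m.group("cmd")):
            findings.append(Finding("review", line,
                                    f"{m.group('hive')}Run value [{m.group('name')}] launches "
                                    "from a user-writable profile directory"))
    return findings


# Sample input: lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\wuojabxi\fbgvkehy.exe,
BHO: {0b0113e9-b5ec-4b74-b675-9ef64bff2464} - c:\windows\system32\wscui32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [AdobeUpdate] c:\documents and settings\robyn\application data\adobe\adobeupdate\Adobeupdt32.exe
"""


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS.strip().splitlines()):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample lines it reports one high finding (the second Userinit executable) and two review findings (the unnamed BHO and the dRun value under the user's Application Data). The Run-path check deliberately looks only at where the file lives, not at its name, because a file named like a vendor updater tells you nothing on its own.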


#2 fireman4it (Bleepin' Fireman)
  • Malware Response Team
  • 13,512 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 24 May 2012 - 07:41 PM

Hello Darkwood,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.




1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt asking whether to install it. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


#3 Darkwood (Topic Starter)
  • Members
  • 29 posts

Posted 25 May 2012 - 12:17 PM

Thanks for your help fireman4it!

I did as you instructed. TDSSKiller ran, and I started ComboFix. ComboFix confirmed that I was infected with ZeroAccess and went about its business. It was taking a loooooong time, so I left it overnight. When I came back in the morning, there was a BSOD. Sorry, I didn't write it down. There is a "Combofix" in the root of the C: drive, but when I click on it, it is a shortcut to "My Computer". But I entered from the command prompt, and retrieved combofix.txt, which is incomplete. I think ComboFix needs to be re-run, but I thought I would not act on my own, and leave it for you to tell me.

Logs:

21:31:44.0774 2904 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:31:45.0508 2904 ============================================================
21:31:45.0508 2904 Current date / time: 2012/05/24 21:31:45.0508
21:31:45.0508 2904 SystemInfo:
21:31:45.0508 2904
21:31:45.0508 2904 OS Version: 5.1.2600 ServicePack: 3.0
21:31:45.0508 2904 Product type: Workstation
21:31:45.0508 2904 ComputerName: COMQRAP
21:31:45.0524 2904 UserName: Robyn
21:31:45.0524 2904 Windows directory: C:\WINDOWS
21:31:45.0524 2904 System windows directory: C:\WINDOWS
21:31:45.0524 2904 Processor architecture: Intel x86
21:31:45.0524 2904 Number of processors: 1
21:31:45.0524 2904 Page size: 0x1000
21:31:45.0524 2904 Boot type: Normal boot
21:31:45.0524 2904 ============================================================
21:31:46.0790 2904 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:31:46.0821 2904 Drive \Device\Harddisk1\DR10 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:31:46.0837 2904 ============================================================
21:31:46.0837 2904 \Device\Harddisk0\DR0:
21:31:46.0837 2904 MBR partitions:
21:31:46.0837 2904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
21:31:46.0837 2904 \Device\Harddisk1\DR10:
21:31:46.0837 2904 MBR partitions:
21:31:46.0837 2904 \Device\Harddisk1\DR10\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
21:31:46.0837 2904 ============================================================
21:31:46.0883 2904 C: <-> \Device\Harddisk0\DR0\Partition0
21:31:46.0883 2904 ============================================================
21:31:46.0883 2904 Initialize success
21:31:46.0883 2904 ============================================================
21:32:14.0680 0660 ============================================================
21:32:14.0680 0660 Scan started
21:32:14.0680 0660 Mode: Manual;
21:32:14.0680 0660 ============================================================
21:32:15.0071 0660 Abiosdsk - ok
21:32:15.0087 0660 abp480n5 - ok
21:32:15.0212 0660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:32:15.0212 0660 ACPI - ok
21:32:15.0274 0660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:32:15.0274 0660 ACPIEC - ok
21:32:15.0462 0660 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:32:15.0462 0660 AdobeFlashPlayerUpdateSvc - ok
21:32:15.0477 0660 adpu160m - ok
21:32:15.0555 0660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:32:15.0571 0660 aec - ok
21:32:15.0649 0660 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:32:15.0649 0660 AFD - ok
21:32:15.0727 0660 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
21:32:15.0743 0660 AgereModemAudio - ok
21:32:16.0087 0660 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:32:16.0102 0660 AgereSoftModem - ok
21:32:16.0118 0660 Aha154x - ok
21:32:16.0133 0660 aic78u2 - ok
21:32:16.0149 0660 aic78xx - ok
21:32:16.0196 0660 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:32:16.0196 0660 Alerter - ok
21:32:16.0243 0660 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:32:16.0258 0660 ALG - ok
21:32:16.0274 0660 AliIde - ok
21:32:16.0337 0660 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:32:16.0337 0660 AmdPPM - ok
21:32:16.0337 0660 amsint - ok
21:32:16.0462 0660 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:32:16.0477 0660 Apple Mobile Device - ok
21:32:16.0555 0660 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:32:16.0571 0660 AppMgmt - ok
21:32:16.0571 0660 asc - ok
21:32:16.0587 0660 asc3350p - ok
21:32:16.0602 0660 asc3550 - ok
21:32:17.0165 0660 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:32:17.0165 0660 aspnet_state - ok
21:32:17.0243 0660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:32:17.0243 0660 AsyncMac - ok
21:32:17.0321 0660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:32:17.0321 0660 atapi - ok
21:32:17.0337 0660 Atdisk - ok
21:32:17.0415 0660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:32:17.0415 0660 Atmarpc - ok
21:32:17.0477 0660 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:32:17.0493 0660 AudioSrv - ok
21:32:17.0540 0660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:32:17.0540 0660 audstub - ok
21:32:18.0962 0660 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
21:32:20.0274 0660 AVGIDSAgent - ok
21:32:20.0555 0660 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
21:32:20.0571 0660 AVGIDSDriver - ok
21:32:20.0618 0660 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
21:32:20.0618 0660 AVGIDSFilter - ok
21:32:20.0665 0660 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
21:32:20.0665 0660 AVGIDSHX - ok
21:32:20.0727 0660 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
21:32:20.0727 0660 AVGIDSShim - ok
21:32:20.0852 0660 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:32:20.0852 0660 Avgldx86 - ok
21:32:20.0899 0660 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:32:20.0899 0660 Avgmfx86 - ok
21:32:20.0915 0660 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:32:20.0915 0660 Avgrkx86 - ok
21:32:21.0008 0660 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:32:21.0024 0660 Avgtdix - ok
21:32:21.0196 0660 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:32:21.0243 0660 avgwd - ok
21:32:21.0290 0660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:32:21.0290 0660 Beep - ok
21:32:21.0446 0660 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:32:21.0462 0660 BITS - ok
21:32:21.0633 0660 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:32:21.0633 0660 Bonjour Service - ok
21:32:21.0712 0660 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:32:21.0727 0660 Browser - ok
21:32:21.0790 0660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:32:21.0790 0660 cbidf2k - ok
21:32:21.0852 0660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:32:21.0852 0660 CCDECODE - ok
21:32:21.0868 0660 cd20xrnt - ok
21:32:21.0930 0660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:32:21.0930 0660 Cdaudio - ok
21:32:21.0993 0660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:32:21.0993 0660 Cdfs - ok
21:32:22.0055 0660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:32:22.0055 0660 Cdrom - ok
21:32:22.0071 0660 Changer - ok
21:32:22.0133 0660 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:32:22.0133 0660 CiSvc - ok
21:32:22.0180 0660 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:32:22.0180 0660 ClipSrv - ok
21:32:22.0337 0660 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:22.0352 0660 clr_optimization_v2.0.50727_32 - ok
21:32:22.0368 0660 CmdIde - ok
21:32:22.0383 0660 COMSysApp - ok
21:32:22.0399 0660 Cpqarray - ok
21:32:22.0477 0660 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:32:22.0477 0660 CryptSvc - ok
21:32:22.0493 0660 dac2w2k - ok
21:32:22.0508 0660 dac960nt - ok
21:32:22.0649 0660 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:32:22.0665 0660 DcomLaunch - ok
21:32:22.0743 0660 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:32:22.0743 0660 Dhcp - ok
21:32:22.0805 0660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:32:22.0805 0660 Disk - ok
21:32:22.0821 0660 dmadmin - ok
21:32:23.0087 0660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:32:23.0087 0660 dmboot - ok
21:32:23.0212 0660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:32:23.0212 0660 dmio - ok
21:32:23.0305 0660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:32:23.0305 0660 dmload - ok
21:32:23.0352 0660 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:32:23.0352 0660 dmserver - ok
21:32:23.0399 0660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:32:23.0399 0660 DMusic - ok
21:32:23.0462 0660 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:32:23.0462 0660 Dnscache - ok
21:32:23.0540 0660 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:32:23.0587 0660 Dot3svc - ok
21:32:23.0696 0660 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:32:23.0712 0660 dot4 - ok
21:32:23.0774 0660 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:32:23.0774 0660 Dot4Print - ok
21:32:23.0852 0660 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
21:32:23.0852 0660 Dot4Scan - ok
21:32:23.0883 0660 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:32:23.0883 0660 dot4usb - ok
21:32:23.0899 0660 dpti2o - ok
21:32:23.0946 0660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:32:23.0946 0660 drmkaud - ok
21:32:24.0008 0660 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:32:24.0008 0660 EapHost - ok
21:32:24.0055 0660 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:32:24.0055 0660 ERSvc - ok
21:32:24.0149 0660 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:32:24.0149 0660 Eventlog - ok
21:32:24.0243 0660 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:32:24.0258 0660 EventSystem - ok
21:32:24.0337 0660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:32:24.0337 0660 Fastfat - ok
21:32:24.0415 0660 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:32:24.0430 0660 FastUserSwitchingCompatibility - ok
21:32:24.0493 0660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:32:24.0493 0660 Fdc - ok
21:32:24.0540 0660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:32:24.0540 0660 Fips - ok
21:32:24.0571 0660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:32:24.0571 0660 Flpydisk - ok
21:32:24.0649 0660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:32:24.0649 0660 FltMgr - ok
21:32:24.0790 0660 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:32:24.0805 0660 FontCache3.0.0.0 - ok
21:32:24.0852 0660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:32:24.0852 0660 Fs_Rec - ok
21:32:24.0930 0660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:32:24.0930 0660 Ftdisk - ok
21:32:24.0977 0660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:32:24.0977 0660 GEARAspiWDM - ok
21:32:25.0040 0660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:32:25.0040 0660 Gpc - ok
21:32:25.0133 0660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:32:25.0133 0660 HDAudBus - ok
21:32:25.0227 0660 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:32:25.0227 0660 helpsvc - ok
21:32:25.0290 0660 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:32:25.0290 0660 HidServ - ok
21:32:25.0337 0660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:32:25.0337 0660 HidUsb - ok
21:32:25.0399 0660 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:32:25.0415 0660 hkmsvc - ok
21:32:25.0430 0660 hpn - ok
21:32:25.0555 0660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:32:25.0555 0660 HTTP - ok
21:32:25.0618 0660 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:32:25.0618 0660 HTTPFilter - ok
21:32:25.0633 0660 i2omgmt - ok
21:32:25.0649 0660 i2omp - ok
21:32:25.0712 0660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:32:25.0712 0660 i8042prt - ok
21:32:26.0040 0660 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:32:26.0321 0660 idsvc - ok
21:32:26.0337 0660 idtvvtrh - ok
21:32:26.0399 0660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:32:26.0399 0660 Imapi - ok
21:32:26.0493 0660 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:32:26.0540 0660 ImapiService - ok
21:32:26.0555 0660 ini910u - ok
21:32:27.0962 0660 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:32:28.0008 0660 IntcAzAudAddService - ok
21:32:28.0243 0660 IntelIde - ok
21:32:28.0305 0660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:32:28.0305 0660 Ip6Fw - ok
21:32:28.0399 0660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:32:28.0399 0660 IpFilterDriver - ok
21:32:28.0446 0660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:32:28.0446 0660 IpInIp - ok
21:32:28.0555 0660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:32:28.0555 0660 IpNat - ok
21:32:28.0852 0660 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
21:32:29.0055 0660 iPod Service - ok
21:32:29.0118 0660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:32:29.0118 0660 IPSec - ok
21:32:29.0212 0660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:32:29.0212 0660 IRENUM - ok
21:32:29.0274 0660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:32:29.0274 0660 isapnp - ok
21:32:29.0383 0660 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
21:32:29.0430 0660 JavaQuickStarterService - ok
21:32:29.0477 0660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:32:29.0477 0660 Kbdclass - ok
21:32:29.0540 0660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:32:29.0540 0660 kbdhid - ok
21:32:29.0618 0660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:32:29.0633 0660 kmixer - ok
21:32:29.0696 0660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:32:29.0696 0660 KSecDD - ok
21:32:29.0774 0660 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:32:29.0790 0660 LanmanServer - ok
21:32:29.0868 0660 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:32:29.0883 0660 lanmanworkstation - ok
21:32:29.0899 0660 lbrtfdc - ok
21:32:29.0977 0660 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:32:29.0977 0660 LmHosts - ok
21:32:30.0024 0660 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
21:32:30.0024 0660 MBAMProtector - ok
21:32:30.0274 0660 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:32:30.0462 0660 MBAMService - ok
21:32:30.0524 0660 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:32:30.0540 0660 Messenger - ok
21:32:30.0571 0660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:32:30.0571 0660 mnmdd - ok
21:32:30.0633 0660 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:32:30.0649 0660 mnmsrvc - ok
21:32:30.0712 0660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:32:30.0712 0660 Modem - ok
21:32:30.0743 0660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:32:30.0743 0660 Mouclass - ok
21:32:30.0805 0660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:32:30.0805 0660 mouhid - ok
21:32:30.0883 0660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:32:30.0883 0660 MountMgr - ok
21:32:30.0993 0660 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:32:31.0040 0660 MozillaMaintenance - ok
21:32:31.0055 0660 mraid35x - ok
21:32:31.0133 0660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:32:31.0149 0660 MRxDAV - ok
21:32:31.0321 0660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:32:31.0337 0660 MRxSmb - ok
21:32:31.0368 0660 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:32:31.0368 0660 MSDTC - ok
21:32:31.0415 0660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:32:31.0415 0660 Msfs - ok
21:32:31.0430 0660 MSIServer - ok
21:32:31.0493 0660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:32:31.0493 0660 MSKSSRV - ok
21:32:31.0524 0660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:32:31.0524 0660 MSPCLOCK - ok
21:32:31.0587 0660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:32:31.0587 0660 MSPQM - ok
21:32:31.0649 0660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:32:31.0649 0660 mssmbios - ok
21:32:31.0712 0660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:32:31.0727 0660 MSTEE - ok
21:32:31.0805 0660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:32:31.0805 0660 Mup - ok
21:32:31.0868 0660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:32:31.0883 0660 NABTSFEC - ok
21:32:32.0008 0660 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:32:32.0102 0660 napagent - ok
21:32:32.0180 0660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:32:32.0180 0660 NDIS - ok
21:32:32.0227 0660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:32:32.0227 0660 NdisIP - ok
21:32:32.0290 0660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:32:32.0290 0660 NdisTapi - ok
21:32:32.0352 0660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:32:32.0352 0660 Ndisuio - ok
21:32:32.0430 0660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:32:32.0430 0660 NdisWan - ok
21:32:32.0493 0660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:32:32.0493 0660 NDProxy - ok
21:32:32.0555 0660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:32:32.0555 0660 NetBIOS - ok
21:32:32.0618 0660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:32:32.0618 0660 NetBT - ok
21:32:32.0696 0660 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:32:32.0727 0660 NetDDE - ok
21:32:32.0743 0660 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:32:32.0743 0660 NetDDEdsdm - ok
21:32:32.0790 0660 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:32:32.0790 0660 Netlogon - ok
21:32:32.0883 0660 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:32:32.0883 0660 Netman - ok
21:32:33.0040 0660 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:33.0071 0660 NetTcpPortSharing - ok
21:32:33.0196 0660 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:32:33.0212 0660 Nla - ok
21:32:33.0305 0660 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
21:32:33.0305 0660 NPF - ok
21:32:33.0352 0660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:32:33.0352 0660 Npfs - ok
21:32:33.0540 0660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:32:33.0555 0660 Ntfs - ok
21:32:33.0571 0660 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:32:33.0571 0660 NtLmSsp - ok
21:32:33.0727 0660 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:32:33.0852 0660 NtmsSvc - ok
21:32:33.0899 0660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:32:33.0899 0660 Null - ok
21:32:34.0899 0660 nv (642a87877f83313eb5302749cd479024) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:32:34.0946 0660 nv - ok
21:32:35.0196 0660 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:32:35.0196 0660 NVENETFD - ok
21:32:35.0258 0660 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:32:35.0258 0660 nvnetbus - ok
21:32:35.0352 0660 NVSvc (b0903c021bfcd6055c053a569ef98aef) C:\WINDOWS\system32\nvsvc32.exe
21:32:35.0383 0660 NVSvc - ok
21:32:35.0446 0660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:32:35.0446 0660 NwlnkFlt - ok
21:32:35.0477 0660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:32:35.0477 0660 NwlnkFwd - ok
21:32:35.0555 0660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:32:35.0555 0660 Parport - ok
21:32:35.0602 0660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:32:35.0602 0660 PartMgr - ok
21:32:35.0665 0660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:32:35.0665 0660 ParVdm - ok
21:32:35.0743 0660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:32:35.0743 0660 PCI - ok
21:32:35.0758 0660 PCIDump - ok
21:32:35.0805 0660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:32:35.0805 0660 PCIIde - ok
21:32:35.0915 0660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:32:35.0915 0660 Pcmcia - ok
21:32:35.0930 0660 PDCOMP - ok
21:32:35.0946 0660 PDFRAME - ok
21:32:35.0962 0660 PDRELI - ok
21:32:35.0977 0660 PDRFRAME - ok
21:32:35.0993 0660 perc2 - ok
21:32:36.0008 0660 perc2hib - ok
21:32:36.0118 0660 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:32:36.0118 0660 PlugPlay - ok
21:32:36.0180 0660 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:32:36.0180 0660 PolicyAgent - ok
21:32:36.0258 0660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:32:36.0258 0660 PptpMiniport - ok
21:32:36.0321 0660 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:32:36.0321 0660 Processor - ok
21:32:36.0337 0660 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:32:36.0337 0660 ProtectedStorage - ok
21:32:36.0383 0660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:32:36.0383 0660 PSched - ok
21:32:36.0430 0660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:32:36.0430 0660 Ptilink - ok
21:32:36.0446 0660 ql1080 - ok
21:32:36.0446 0660 Ql10wnt - ok
21:32:36.0462 0660 ql12160 - ok
21:32:36.0477 0660 ql1240 - ok
21:32:36.0493 0660 ql1280 - ok
21:32:36.0555 0660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:32:36.0555 0660 RasAcd - ok
21:32:36.0618 0660 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:32:36.0649 0660 RasAuto - ok
21:32:36.0712 0660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:32:36.0712 0660 Rasl2tp - ok
21:32:36.0790 0660 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:32:36.0837 0660 RasMan - ok
21:32:36.0868 0660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:32:36.0868 0660 RasPppoe - ok
21:32:36.0883 0660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:32:36.0883 0660 Raspti - ok
21:32:36.0977 0660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:32:36.0977 0660 Rdbss - ok
21:32:36.0993 0660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:32:36.0993 0660 RDPCDD - ok
21:32:37.0087 0660 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:32:37.0087 0660 RDPWD - ok
21:32:37.0212 0660 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:32:37.0243 0660 RDSessMgr - ok
21:32:37.0305 0660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:32:37.0305 0660 redbook - ok
21:32:37.0352 0660 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:32:37.0368 0660 RemoteAccess - ok
21:32:37.0430 0660 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:32:37.0446 0660 RpcLocator - ok
21:32:37.0602 0660 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:32:37.0602 0660 RpcSs - ok
21:32:37.0696 0660 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:32:37.0743 0660 RSVP - ok
21:32:37.0790 0660 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:32:37.0790 0660 SamSs - ok
21:32:37.0868 0660 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:32:37.0899 0660 SCardSvr - ok
21:32:37.0993 0660 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:32:38.0055 0660 Schedule - ok
21:32:38.0118 0660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:32:38.0118 0660 Secdrv - ok
21:32:38.0196 0660 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:32:38.0212 0660 seclogon - ok
21:32:38.0227 0660 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:32:38.0258 0660 SENS - ok
21:32:38.0477 0660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:32:38.0477 0660 Serial - ok
21:32:38.0540 0660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:32:38.0540 0660 Sfloppy - ok
21:32:38.0665 0660 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:32:38.0680 0660 SharedAccess - ok
21:32:38.0758 0660 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:32:38.0758 0660 ShellHWDetection - ok
21:32:38.0774 0660 Simbad - ok
21:32:38.0883 0660 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:32:38.0883 0660 SkypeUpdate - ok
21:32:38.0946 0660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:32:38.0946 0660 SLIP - ok
21:32:38.0962 0660 Sparrow - ok
21:32:39.0024 0660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:32:39.0024 0660 splitter - ok
21:32:39.0087 0660 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:32:39.0087 0660 Spooler - ok
21:32:39.0180 0660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:32:39.0180 0660 sr - ok
21:32:39.0258 0660 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:32:39.0274 0660 srservice - ok
21:32:39.0399 0660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:32:39.0415 0660 Srv - ok
21:32:39.0477 0660 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:32:39.0493 0660 SSDPSRV - ok
21:32:39.0540 0660 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:32:39.0540 0660 StillCam - ok
21:32:39.0680 0660 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:32:39.0790 0660 stisvc - ok
21:32:39.0868 0660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:32:39.0868 0660 streamip - ok
21:32:39.0946 0660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:32:39.0946 0660 swenum - ok
21:32:40.0008 0660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:32:40.0008 0660 swmidi - ok
21:32:40.0024 0660 SwPrv - ok
21:32:40.0040 0660 symc810 - ok
21:32:40.0055 0660 symc8xx - ok
21:32:40.0071 0660 sym_hi - ok
21:32:40.0087 0660 sym_u3 - ok
21:32:40.0165 0660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:32:40.0165 0660 sysaudio - ok
21:32:40.0243 0660 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:32:40.0274 0660 SysmonLog - ok
21:32:40.0352 0660 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:32:40.0446 0660 TapiSrv - ok
21:32:40.0602 0660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:32:40.0602 0660 Tcpip - ok
21:32:40.0649 0660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:32:40.0649 0660 TDPIPE - ok
21:32:40.0680 0660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:32:40.0680 0660 TDTCP - ok
21:32:40.0758 0660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:32:40.0758 0660 TermDD - ok
21:32:40.0883 0660 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:32:40.0883 0660 TermService - ok
21:32:40.0962 0660 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:32:40.0962 0660 Themes - ok
21:32:40.0977 0660 TosIde - ok
21:32:41.0055 0660 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:32:41.0087 0660 TrkWks - ok
21:32:41.0180 0660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:32:41.0180 0660 Udfs - ok
21:32:41.0196 0660 ultra - ok
21:32:41.0321 0660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:32:41.0321 0660 Update - ok
21:32:41.0399 0660 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:32:41.0493 0660 upnphost - ok
21:32:41.0540 0660 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:32:41.0555 0660 UPS - ok
21:32:41.0633 0660 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:32:41.0633 0660 USBAAPL - ok
21:32:41.0712 0660 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:32:41.0712 0660 usbaudio - ok
21:32:41.0758 0660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:32:41.0774 0660 usbccgp - ok
21:32:41.0821 0660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:32:41.0821 0660 usbehci - ok
21:32:41.0883 0660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:32:41.0883 0660 usbhub - ok
21:32:41.0899 0660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:32:41.0899 0660 usbohci - ok
21:32:41.0977 0660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:32:41.0977 0660 usbprint - ok
21:32:42.0040 0660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:32:42.0040 0660 usbscan - ok
21:32:42.0087 0660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:32:42.0087 0660 USBSTOR - ok
21:32:42.0180 0660 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:32:42.0180 0660 usbvideo - ok
21:32:42.0243 0660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:32:42.0243 0660 VgaSave - ok
21:32:42.0258 0660 ViaIde - ok
21:32:42.0305 0660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:32:42.0305 0660 VolSnap - ok
21:32:42.0446 0660 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:32:42.0524 0660 VSS - ok
21:32:42.0618 0660 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:32:42.0665 0660 W32Time - ok
21:32:42.0727 0660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:32:42.0727 0660 Wanarp - ok
21:32:42.0743 0660 WDICA - ok
21:32:42.0821 0660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:32:42.0821 0660 wdmaud - ok
21:32:42.0883 0660 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:32:42.0899 0660 WebClient - ok
21:32:43.0040 0660 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:32:43.0040 0660 winmgmt - ok
21:32:43.0118 0660 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:32:43.0118 0660 WmdmPmSN - ok
21:32:43.0243 0660 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:32:43.0243 0660 WmiApSrv - ok
21:32:43.0602 0660 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:32:43.0837 0660 WMPNetworkSvc - ok
21:32:43.0899 0660 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:32:43.0915 0660 wscsvc - ok
21:32:43.0993 0660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:32:43.0993 0660 WSTCODEC - ok
21:32:44.0055 0660 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:32:44.0055 0660 wuauserv - ok
21:32:44.0149 0660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:32:44.0149 0660 WudfPf - ok
21:32:44.0196 0660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:32:44.0196 0660 WudfRd - ok
21:32:44.0243 0660 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:32:44.0258 0660 WudfSvc - ok
21:32:44.0430 0660 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:32:44.0446 0660 WZCSVC - ok
21:32:44.0508 0660 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:32:44.0524 0660 xmlprov - ok
21:32:44.0571 0660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:32:44.0977 0660 \Device\Harddisk0\DR0 - ok
21:32:44.0993 0660 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR10
21:32:45.0008 0660 \Device\Harddisk1\DR10 - ok
21:32:45.0040 0660 Boot (0x1200) (08ee772c61b9e053912b71c9147f4a56) \Device\Harddisk0\DR0\Partition0
21:32:45.0040 0660 \Device\Harddisk0\DR0\Partition0 - ok
21:32:45.0040 0660 Boot (0x1200) (94bd224d85e9403f1661f149f51fbb3f) \Device\Harddisk1\DR10\Partition0
21:32:45.0055 0660 \Device\Harddisk1\DR10\Partition0 - ok
21:32:45.0055 0660 ============================================================
21:32:45.0055 0660 Scan finished
21:32:45.0055 0660 ============================================================
21:32:45.0071 2604 Detected object count: 0
21:32:45.0071 2604 Actual detected object count: 0
21:34:05.0555 3684 Deinitialize success


ComboFix 12-05-24.03 - Robyn 05/24/2012 21:47:54.1.1 - x86
Running from: C:\Documents and Settings\Robyn\Desktop\ComboFix.exe



That's it....

Thanks again for your help.

#4 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 May 2012 - 05:26 PM

Hello,

Yes, please re-run Combofix. You may need to delete the copy you have and download a fresh copy. Don't leave the machine unattended.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 27 May 2012 - 11:56 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#6 Darkwood
  • Topic Starter
  • Members
  • 29 posts

Posted 28 May 2012 - 12:20 PM

Yes, I am still here. It's just really hard for me to get time on weekends.

I have had many problems attempting to run combofix.

I ran it & it said there was a new version and asked if I would like to download it. I said yes. After it installed it said that the install was corrupted and said I might have another virus. It said I should download a clean version & run it again. I did.

It hung during the install, and I had to re-boot.

Then I got a box saying:

Error Decompressing Data!
Corrupted Installer?
and an OK box, that terminated the install.

So I re-booted & tried again, and got the message:
"Freeware implementation of REG.EXE encountered a problem and needs to close. Send error report?"

Then "The system is shutting down. Windows must now restart because the Remote Procedure Call System (RPC) terminated unexpectedly" with a countdown timer to restart. After the time ran out & the box disappeared, I restarted manually & tried again.

During the install, I got the message
"Error opening file for writing:
C:\32788R22FW\license\mtee.txt"

And for another file, then the info box:

Error Win32 Only

Incompatible OS. ... Only works on 2000 & XP

But this is XP....

Sounds like something doesn't want me running combofix. Perhaps safe mode?

#7 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 May 2012 - 12:59 PM

Hello,

Delete the copy you have, then download a fresh copy and do the following. Also make sure to try and run it in Safe Mode.

Download and Rename Combofix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below. You must rename it 1234.scr before saving it to your desktop.

Link 1
Link 2


--------------------------------------------------------------------
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on 1234.scr & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



#8 Darkwood
  • Topic Starter
  • Members
  • 29 posts

Posted 29 May 2012 - 12:40 PM

I tried running the renamed combofix a couple of times in safe mode. I continue to get BSODs. One was an IRQL_NOT_LESS_OR_EQUAL and the other was with KS.SYS PAGE_FAULT_IN_NON_PAGE_AREA.

#9 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 29 May 2012 - 01:30 PM

Hello,

We will try another method.


1.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



#10 Darkwood
  • Topic Starter
  • Members
  • 29 posts

Posted 29 May 2012 - 02:03 PM

Thanks for your ongoing help with this!!

RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Robyn [Admin rights]
Mode: Scan -- Date: 05/29/2012 12:00:06

Bad processes: 0

Registry Entries: 6
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AdobeUpdate (C:\Documents and Settings\Robyn\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AdobeUpdate (C:\Documents and Settings\Robyn\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

Particular Files / Folders:
[FOLDER] plugs : c:\documents and settings\robyn\application data\adobe\plugs --> FOUND
[FOLDER] shed : c:\documents and settings\robyn\application data\adobe\shed --> FOUND

Driver: [LOADED]
SSDT[111] : NtNotifyChangeKey @ 0x8061CDD0 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0595004)
SSDT[112] : NtNotifyChangeMultipleKeys @ 0x8061BA04 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB05950D4)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0594D76)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0594E1E)
SSDT[258] : NtTerminateThread @ 0x805C8864 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0594EBA)
SSDT[277] : NtWriteVirtualMemory @ 0x805A994E -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0594F56)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB059559E)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB059550A)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB059554A)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB059549C)

Infection :

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3e668aefffea284b40d24b9213277630
[BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] f9fea5fa2c02941e7b8826eb1f747bd8
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
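
As an added example (not part of the original thread and not RogueKiller's own code), the Python below parses the three kinds of lines in the report quoted above (registry entries, file/folder hits and SSDT hook lines) and ranks them the way a responder reads such a report: keys the scanner could not open come first, autorun entries launched from a user-profile path and found folders next, cosmetic shell changes after that, and SSDT hooks are grouped per hooking module and only raised when the module is not one that can be accounted for. The function names (parse_report, triage, summarize), the severity scale and the KNOWN_SECURITY_DRIVERS allowlist are this example's own assumptions; the allowlist holds avgidsshimx.sys because that driver belongs to AVG and AVG 2012 is installed on the machine in this thread (it appears in the DDS log). The sample input is a constructed subset of the report lines above.

```python
"""Triage helper for a RogueKiller-style scan report (added example, not RogueKiller's code)."""
import re
from collections import defaultdict, namedtuple

# Constructed sample input: a subset of the RogueKiller V7.5.1 report lines quoted
# in the post above (the SSDT hook list is trimmed to three lines).
SAMPLE_REPORT = r"""
Registry Entries: 6
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AdobeUpdate (C:\Documents and Settings\Robyn\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AdobeUpdate (C:\Documents and Settings\Robyn\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

Particular Files / Folders:
[FOLDER] plugs : c:\documents and settings\robyn\application data\adobe\plugs --> FOUND
[FOLDER] shed : c:\documents and settings\robyn\application data\adobe\shed --> FOUND

Driver: [LOADED]
SSDT[111] : NtNotifyChangeKey @ 0x8061CDD0 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0595004)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB0594D76)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xB059559E)
"""

# Line shapes seen in the report: "[TAG] key : name (value) -> STATUS",
# "[FOLDER] name : path --> STATUS" and "SSDT[n] : Func @ addr -> HOOKED (module @ addr)".
REG_RE = re.compile(r"^\[(?P<tag>[^\]]*)\] (?P<key>.+?) : (?P<name>.*?)\s*\((?P<value>[^)]*)\) -> (?P<status>.+)$")
FS_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<name>.+?) : (?P<path>.+?) --> (?P<status>.+)$")
HOOK_RE = re.compile(r"^(?P<table>S_SSDT|SSDT)\[(?P<slot>\d+)\] : (?P<func>\S+)"
                     r"(?: @ (?P<orig>0x[0-9A-Fa-f]+))? -> HOOKED \((?P<module>.+?) @ (?P<addr>0x[0-9A-Fa-f]+)\)$")

# Assumption made for this example: drivers accepted as legitimate SSDT hookers.
# avgidsshimx.sys belongs to AVG, and AVG 2012 is installed on the host in this thread.
KNOWN_SECURITY_DRIVERS = {"avgidsshimx.sys"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

RegistryEntry = namedtuple("RegistryEntry", "tag key name value status")
FsEntry = namedtuple("FsEntry", "tag name path status")
Hook = namedtuple("Hook", "table slot func module addr")
Finding = namedtuple("Finding", "severity category detail")


def parse_report(text):
    """Split a report into registry entries, file/folder hits and SSDT hooks."""
    registry, files, hooks = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HOOK_RE.match(line):
            hooks.append(Hook(m["table"], int(m["slot"]), m["func"], m["module"], m["addr"]))
        elif m := REG_RE.match(line):
            registry.append(RegistryEntry(m["tag"], m["key"], m["name"], m["value"], m["status"]))
        elif m := FS_RE.match(line):
            files.append(FsEntry(m["tag"], m["name"], m["path"], m["status"]))
    return registry, files, hooks


def triage(registry, files, hooks):
    """Rank what the report found; the severity scale is this example's own."""
    findings = []
    for e in registry:
        if e.status == "ACCESS DENIED":
            findings.append(Finding("high", "registry", f"{e.key}: key could not be read (ACCESS DENIED)"))
        elif e.tag == "SUSP PATH":
            findings.append(Finding("medium", "autorun", f"{e.key}\\{e.name} -> {e.value}: autorun under a user profile path"))
        elif e.tag == "HJ":
            findings.append(Finding("low", "hijack", f"{e.key}\\{e.name} = {e.value}: shell setting changed"))
    for f in files:
        if f.status == "FOUND":
            findings.append(Finding("medium", "filesystem", f"{f.tag.lower()} {f.path}: present"))
    # Hooks are judged per module: a security product hooking the SSDT is expected,
    # a module you cannot account for is not.
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h.module].append(h)
    for module, hs in by_module.items():
        base = module.rsplit("\\", 1)[-1].lower()
        severity = "info" if base in KNOWN_SECURITY_DRIVERS else "high"
        funcs = ", ".join(h.func for h in hs)
        findings.append(Finding(severity, "ssdt-hook", f"{base} hooks {len(hs)} table entries ({funcs})"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 4, 'low': 2, 'info': 1}."""
    counts = defaultdict(int)
    for f in findings:
        counts[f.severity] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage(*parse_report(SAMPLE_REPORT)):
        print(f"[{f.severity:6}] {f.category:10} {f.detail}")
```

Run it as a script to print the ranked findings, or call parse_report() on the text of a saved RKreport.txt. The per-module grouping is the useful part: many hooks from one AV driver are a single line of information, whereas a single hook from a module you cannot name is the line that needs attention.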

#11 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 29 May 2012 - 02:38 PM

1.
Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Start, then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore."

2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


3.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:

     c:\windows\*. /SL
     c:\windows\*. /RP
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\drivers\*.sys /90

  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


Things to include in your next reply:
MBAM log
OTL.txt
Extra.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Darkwood

Darkwood
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 30 May 2012 - 02:32 PM

MBAM blue screens during scan, and OTL terminates (send report yes/no).

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:40 AM

Posted 30 May 2012 - 07:12 PM

Hello,

Please try both of them again in Safe Mode.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Edited by fireman4it, 30 May 2012 - 07:12 PM.



#14 Darkwood

Darkwood
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 31 May 2012 - 12:42 AM

Thanks again for all your help fireman4it!

I am sad to report that it is the same in safe mode without networking.

MBAM blue screens during the scan and OTL terminates & wants to send the data to Microsoft.

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:40 AM

Posted 31 May 2012 - 02:41 PM

Are you able to burn CDs and do you have a USB flash drive?

Edited by fireman4it, 31 May 2012 - 02:42 PM.





