
Random Audio Ads Playing In Background


3 replies to this topic

#1 bannabop

bannabop

  • Members
  • 11 posts

Posted 24 May 2012 - 11:54 PM

I am fixing my friend's laptop. He had some issues that were resolved using Malware Anti-Malware Bytes, as his computer was completely unprotected before. He also had browser redirects that were fixed with Hijack this. However, after resolving those issues, he still has a strange problem. Random audio ads will play even when there is nothing open. I thought it was maybe simply a problem with Google Chrome, but it still happens when Chrome is not open. Is there any way to resolve this?

I actually just ran a MAMB scan. The last time I did so there were 0 objects infected; this time there were six. I allowed MAMB to fix them. I have the log saved if posting it is required.

Edited by bannabop, 25 May 2012 - 12:00 AM.



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 May 2012 - 10:57 AM

Download TDSSkiller

Launch it. Click on "Change parameters" - select "TDLFS file system"

Click on "Scan". Please post the LOG report (the log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it, and allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#3 bannabop

bannabop
  • Topic Starter

  • Members
  • 11 posts

Posted 27 May 2012 - 11:47 PM

22:48:30.0859 0332 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
22:48:31.0311 0332 ============================================================
22:48:31.0311 0332 Current date / time: 2012/05/27 22:48:31.0311
22:48:31.0311 0332 SystemInfo:
22:48:31.0311 0332
22:48:31.0311 0332 OS Version: 6.0.6002 ServicePack: 2.0
22:48:31.0311 0332 Product type: Workstation
22:48:31.0311 0332 ComputerName: USER-PC
22:48:31.0311 0332 UserName: user
22:48:31.0311 0332 Windows directory: C:\Windows
22:48:31.0311 0332 System windows directory: C:\Windows
22:48:31.0311 0332 Processor architecture: Intel x86
22:48:31.0311 0332 Number of processors: 2
22:48:31.0311 0332 Page size: 0x1000
22:48:31.0311 0332 Boot type: Normal boot
22:48:31.0311 0332 ============================================================
22:48:31.0795 0332 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:48:31.0795 0332 ============================================================
22:48:31.0795 0332 \Device\Harddisk0\DR0:
22:48:31.0795 0332 MBR partitions:
22:48:31.0795 0332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B869800
22:48:31.0795 0332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB58000, BlocksNum 0xBC2000
22:48:31.0795 0332 ============================================================
22:48:31.0826 0332 C: <-> \Device\Harddisk0\DR0\Partition0
22:48:31.0873 0332 D: <-> \Device\Harddisk0\DR0\Partition1
22:48:31.0873 0332 ============================================================
22:48:31.0873 0332 Initialize success
22:48:31.0873 0332 ============================================================
23:00:08.0522 5456 ============================================================
23:00:08.0522 5456 Scan started
23:00:08.0522 5456 Mode: Manual;
23:00:08.0522 5456 ============================================================
23:00:25.0409 5456 PNRPsvc - ok
23:00:25.0675 5456 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:00:25.0690 5456 PolicyAgent - ok
23:00:25.0753 5456 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:00:25.0753 5456 PptpMiniport - ok
23:00:25.0784 5456 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:00:25.0784 5456 Processor - ok
23:00:25.0831 5456 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:00:25.0831 5456 ProfSvc - ok
23:00:25.0862 5456 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:00:25.0877 5456 ProtectedStorage - ok
23:00:25.0909 5456 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:00:25.0909 5456 PSched - ok
23:00:26.0033 5456 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:00:26.0049 5456 ql2300 - ok
23:00:26.0065 5456 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:00:26.0065 5456 ql40xx - ok
23:00:26.0111 5456 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:00:26.0127 5456 QWAVE - ok
23:00:26.0158 5456 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:00:26.0158 5456 QWAVEdrv - ok
23:00:26.0174 5456 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:00:26.0174 5456 RasAcd - ok
23:00:26.0205 5456 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:00:26.0205 5456 RasAuto - ok
23:00:26.0236 5456 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:00:26.0236 5456 Rasl2tp - ok
23:00:26.0299 5456 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:00:26.0299 5456 RasMan - ok
23:00:26.0345 5456 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:00:26.0345 5456 RasPppoe - ok
23:00:26.0392 5456 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:00:26.0392 5456 RasSstp - ok
23:00:26.0439 5456 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:00:26.0439 5456 rdbss - ok
23:00:26.0486 5456 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:00:26.0486 5456 RDPCDD - ok
23:00:26.0533 5456 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:00:26.0533 5456 rdpdr - ok
23:00:26.0548 5456 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:00:26.0548 5456 RDPENCDD - ok
23:00:26.0611 5456 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:00:26.0611 5456 RDPWD - ok
23:00:26.0829 5456 RegSrvc (83a5d92ace4465c667d1d55fcdab2658) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
23:00:26.0829 5456 RegSrvc - ok
23:00:26.0891 5456 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:00:26.0891 5456 RemoteAccess - ok
23:00:26.0938 5456 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:00:26.0938 5456 RemoteRegistry - ok
23:00:26.0969 5456 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:00:26.0969 5456 RpcLocator - ok
23:00:27.0063 5456 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:00:27.0079 5456 RpcSs - ok
23:00:27.0125 5456 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:00:27.0125 5456 rspndr - ok
23:00:27.0188 5456 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:00:27.0188 5456 RTL8169 - ok
23:00:27.0250 5456 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:00:27.0250 5456 SamSs - ok
23:00:27.0281 5456 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:00:27.0281 5456 sbp2port - ok
23:00:27.0344 5456 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:00:27.0344 5456 SCardSvr - ok
23:00:27.0422 5456 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:00:27.0422 5456 Schedule - ok
23:00:27.0437 5456 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:00:27.0437 5456 SCPolicySvc - ok
23:00:27.0469 5456 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
23:00:27.0469 5456 sdbus - ok
23:00:27.0531 5456 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:00:27.0531 5456 SDRSVC - ok
23:00:27.0547 5456 sebuugfw - ok
23:00:27.0578 5456 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:00:27.0578 5456 seclogon - ok
23:00:27.0609 5456 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:00:27.0609 5456 SENS - ok
23:00:27.0640 5456 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:00:27.0640 5456 Serenum - ok
23:00:27.0656 5456 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:00:27.0656 5456 Serial - ok
23:00:27.0718 5456 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:00:27.0734 5456 sermouse - ok
23:00:27.0905 5456 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:00:27.0905 5456 SessionEnv - ok
23:00:27.0937 5456 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
23:00:27.0937 5456 sffdisk - ok
23:00:27.0968 5456 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:00:27.0968 5456 sffp_mmc - ok
23:00:27.0999 5456 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:00:27.0999 5456 sffp_sd - ok
23:00:28.0061 5456 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:00:28.0061 5456 sfloppy - ok
23:00:28.0124 5456 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:00:28.0124 5456 ShellHWDetection - ok
23:00:28.0155 5456 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:00:28.0155 5456 sisagp - ok
23:00:28.0186 5456 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:00:28.0186 5456 SiSRaid2 - ok
23:00:28.0217 5456 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:00:28.0217 5456 SiSRaid4 - ok
23:00:28.0607 5456 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:00:28.0623 5456 slsvc - ok
23:00:29.0046 5456 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:00:29.0046 5456 SLUINotify - ok
23:00:29.0116 5456 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:00:29.0116 5456 Smb - ok
23:00:29.0156 5456 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:00:29.0156 5456 SNMPTRAP - ok
23:00:29.0196 5456 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:00:29.0206 5456 spldr - ok
23:00:29.0256 5456 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:00:29.0256 5456 Spooler - ok
23:00:29.0316 5456 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:00:29.0316 5456 srv - ok
23:00:29.0366 5456 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:00:29.0376 5456 srv2 - ok
23:00:29.0396 5456 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:00:29.0396 5456 srvnet - ok
23:00:29.0426 5456 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:00:29.0426 5456 SSDPSRV - ok
23:00:29.0486 5456 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:00:29.0486 5456 SstpSvc - ok
23:00:29.0516 5456 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
23:00:29.0526 5456 StillCam - ok
23:00:29.0586 5456 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:00:29.0596 5456 stisvc - ok
23:00:29.0616 5456 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:00:29.0616 5456 swenum - ok
23:00:29.0666 5456 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:00:29.0676 5456 swprv - ok
23:00:29.0736 5456 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:00:29.0736 5456 Symc8xx - ok
23:00:29.0776 5456 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:00:29.0796 5456 Sym_hi - ok
23:00:29.0846 5456 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:00:29.0866 5456 Sym_u3 - ok
23:00:30.0086 5456 SynTP (964524a9edcce945e82419abe9db94ee) C:\Windows\system32\DRIVERS\SynTP.sys
23:00:30.0086 5456 SynTP - ok
23:00:30.0166 5456 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:00:30.0176 5456 SysMain - ok
23:00:30.0226 5456 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:00:30.0236 5456 TabletInputService - ok
23:00:30.0286 5456 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:00:30.0296 5456 TapiSrv - ok
23:00:30.0356 5456 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:00:30.0356 5456 TBS - ok
23:00:30.0846 5456 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
23:00:30.0846 5456 Tcpip - ok
23:00:30.0886 5456 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
23:00:30.0896 5456 Tcpip6 - ok
23:00:30.0946 5456 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:00:30.0946 5456 tcpipreg - ok
23:00:30.0996 5456 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:00:30.0996 5456 tdcmdpst - ok
23:00:31.0026 5456 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:00:31.0026 5456 TDPIPE - ok
23:00:31.0056 5456 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:00:31.0056 5456 TDTCP - ok
23:00:31.0096 5456 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:00:31.0096 5456 tdx - ok
23:00:31.0126 5456 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:00:31.0126 5456 TermDD - ok
23:00:31.0256 5456 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:00:31.0266 5456 TermService - ok
23:00:31.0356 5456 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:00:31.0356 5456 Themes - ok
23:00:31.0456 5456 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:00:31.0456 5456 THREADORDER - ok
23:00:31.0526 5456 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
23:00:31.0526 5456 tifm21 - ok
23:00:31.0656 5456 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
23:00:31.0656 5456 TNaviSrv - ok
23:00:31.0696 5456 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
23:00:31.0706 5456 TODDSrv - ok
23:00:31.0856 5456 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:00:31.0856 5456 TosCoSrv - ok
23:00:31.0906 5456 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:00:31.0906 5456 tos_sps32 - ok
23:00:31.0906 5456 TpChoice - ok
23:00:32.0156 5456 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:00:32.0176 5456 TrkWks - ok
23:00:32.0306 5456 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:00:32.0306 5456 TrustedInstaller - ok
23:00:32.0366 5456 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:00:32.0366 5456 tssecsrv - ok
23:00:32.0406 5456 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:00:32.0406 5456 tunmp - ok
23:00:32.0456 5456 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:00:32.0456 5456 tunnel - ok
23:00:32.0506 5456 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:00:32.0506 5456 TVALZ - ok
23:00:32.0556 5456 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:00:32.0556 5456 uagp35 - ok
23:00:32.0616 5456 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:00:32.0616 5456 udfs - ok
23:00:32.0676 5456 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:00:32.0676 5456 UI0Detect - ok
23:00:32.0736 5456 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:00:32.0746 5456 UleadBurningHelper - ok
23:00:32.0766 5456 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:00:32.0766 5456 uliagpkx - ok
23:00:33.0086 5456 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:00:33.0126 5456 uliahci - ok
23:00:33.0196 5456 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:00:33.0206 5456 UlSata - ok
23:00:33.0246 5456 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:00:33.0256 5456 ulsata2 - ok
23:00:33.0306 5456 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:00:33.0306 5456 umbus - ok
23:00:33.0356 5456 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:00:33.0366 5456 upnphost - ok
23:00:33.0426 5456 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:00:33.0426 5456 USBAAPL - ok
23:00:33.0486 5456 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:00:33.0486 5456 usbccgp - ok
23:00:33.0516 5456 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:00:33.0526 5456 usbcir - ok
23:00:33.0596 5456 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:00:33.0596 5456 usbehci - ok
23:00:33.0626 5456 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:00:33.0626 5456 usbhub - ok
23:00:33.0676 5456 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:00:33.0676 5456 usbohci - ok
23:00:33.0716 5456 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:00:33.0716 5456 usbprint - ok
23:00:33.0766 5456 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:00:33.0766 5456 usbscan - ok
23:00:33.0876 5456 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:00:33.0876 5456 USBSTOR - ok
23:00:33.0966 5456 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:00:33.0966 5456 usbuhci - ok
23:00:34.0016 5456 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:00:34.0016 5456 usbvideo - ok
23:00:34.0036 5456 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:00:34.0036 5456 UVCFTR - ok
23:00:34.0106 5456 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:00:34.0106 5456 UxSms - ok
23:00:34.0156 5456 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:00:34.0166 5456 vds - ok
23:00:34.0196 5456 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:00:34.0196 5456 vga - ok
23:00:34.0226 5456 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:00:34.0226 5456 VgaSave - ok
23:00:34.0246 5456 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:00:34.0246 5456 viaagp - ok
23:00:34.0286 5456 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:00:34.0286 5456 ViaC7 - ok
23:00:34.0306 5456 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:00:34.0316 5456 viaide - ok
23:00:34.0346 5456 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:00:34.0356 5456 volmgr - ok
23:00:34.0426 5456 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:00:34.0426 5456 volmgrx - ok
23:00:34.0476 5456 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:00:34.0476 5456 volsnap - ok
23:00:34.0526 5456 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:00:34.0526 5456 vsmraid - ok
23:00:34.0661 5456 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:00:34.0677 5456 VSS - ok
23:00:34.0739 5456 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:00:34.0755 5456 W32Time - ok
23:00:34.0801 5456 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:00:34.0801 5456 WacomPen - ok
23:00:34.0848 5456 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:00:34.0864 5456 Wanarp - ok
23:00:34.0864 5456 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:00:34.0864 5456 Wanarpv6 - ok
23:00:35.0550 5456 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:00:35.0566 5456 wcncsvc - ok
23:00:35.0613 5456 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:00:35.0613 5456 WcsPlugInService - ok
23:00:35.0628 5456 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:00:35.0628 5456 Wd - ok
23:00:35.0691 5456 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:00:35.0691 5456 Wdf01000 - ok
23:00:35.0753 5456 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:00:35.0753 5456 WdiServiceHost - ok
23:00:35.0753 5456 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:00:35.0753 5456 WdiSystemHost - ok
23:00:35.0893 5456 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:00:35.0893 5456 WebClient - ok
23:00:36.0034 5456 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:00:36.0049 5456 Wecsvc - ok
23:00:36.0081 5456 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:00:36.0096 5456 wercplsupport - ok
23:00:36.0143 5456 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:00:36.0143 5456 WerSvc - ok
23:00:36.0159 5456 WinHttpAutoProxySvc - ok
23:00:36.0221 5456 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:00:36.0221 5456 Winmgmt - ok
23:00:36.0346 5456 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:00:36.0361 5456 WinRM - ok
23:00:36.0455 5456 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:00:36.0455 5456 Wlansvc - ok
23:00:36.0673 5456 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:00:36.0689 5456 wlidsvc - ok
23:00:37.0251 5456 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:00:37.0251 5456 WmiAcpi - ok
23:00:37.0360 5456 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:00:37.0360 5456 wmiApSrv - ok
23:00:37.0502 5456 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:00:37.0512 5456 WMPNetworkSvc - ok
23:00:37.0562 5456 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:00:37.0562 5456 WPCSvc - ok
23:00:37.0642 5456 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:00:37.0642 5456 WPDBusEnum - ok
23:00:37.0742 5456 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:00:37.0742 5456 WpdUsb - ok
23:00:38.0192 5456 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:00:38.0202 5456 WPFFontCache_v0400 - ok
23:00:38.0262 5456 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:00:38.0262 5456 ws2ifsl - ok
23:00:38.0262 5456 WSearch - ok
23:00:38.0442 5456 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:00:38.0462 5456 wuauserv - ok
23:00:38.0642 5456 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:00:38.0642 5456 WUDFRd - ok
23:00:38.0682 5456 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:00:38.0682 5456 wudfsvc - ok
23:00:38.0752 5456 ysusb32 (3f2a964306349863cd73775e9ba6565c) C:\Windows\system32\drivers\ysusb32.sys
23:00:38.0752 5456 ysusb32 - ok
23:00:38.0802 5456 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:00:39.0432 5456 \Device\Harddisk0\DR0 - ok
23:00:39.0442 5456 Boot (0x1200) (fb8a4c8a9d7df6203d64550640130fbe) \Device\Harddisk0\DR0\Partition0
23:00:39.0452 5456 \Device\Harddisk0\DR0\Partition0 - ok
23:00:39.0472 5456 Boot (0x1200) (328e62d3ec83f73927b3e6c3dad77cee) \Device\Harddisk0\DR0\Partition1
23:00:39.0472 5456 \Device\Harddisk0\DR0\Partition1 - ok
23:00:39.0472 5456 ============================================================
23:00:39.0472 5456 Scan finished
23:00:39.0472 5456 ============================================================
23:00:39.0492 5628 Detected object count: 0
23:00:39.0492 5628 Actual detected object count: 0
23:11:05.0961 7496 Deinitialize success



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-28 00:21:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
Running: lmffsric.exe; Driver: C:\Users\user\AppData\Local\Temp\kwldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A74F000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A798000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73A47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73A8B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73A4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73A3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73A475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73A3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A773F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73A4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73A3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73A3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73A371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73ACCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73A6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73A3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73A36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73A3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5868] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73A42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB44451$\2120197514 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\cfg.ini 301 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\L 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\oemid 116 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\version 1267 bytes

---- EOF - GMER 1.0.15 ----



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 00:22:08
-----------------------------
00:22:08.428 OS Version: Windows 6.0.6002 Service Pack 2
00:22:08.428 Number of processors: 2 586 0xF0D
00:22:08.428 ComputerName: USER-PC UserName: user
00:22:10.612 Initialize success
00:22:16.280 AVAST engine download error: 0
00:24:53.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:24:53.964 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
00:24:53.996 Disk 0 MBR read successfully
00:24:53.996 Disk 0 MBR scan
00:24:54.011 Disk 0 Windows VISTA default MBR code
00:24:54.027 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:24:54.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 225491 MB offset 3074048
00:24:54.074 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6020 MB offset 464879616
00:24:54.105 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 5463 MB offset 477208576
00:24:54.276 Disk 0 scanning sectors +488396800
00:24:54.479 Disk 0 scanning C:\Windows\system32\drivers
00:25:11.608 Service scanning
00:25:34.119 Modules scanning
00:25:48.081 Disk 0 trace - called modules:
00:25:48.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:25:48.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b7818]
00:25:48.112 3 CLASSPNP.SYS[8a5148b3] -> nt!IofCallDriver -> [0x85529760]
00:25:48.128 5 acpi.sys[8289e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552b030]
00:25:48.128 Scan finished successfully
00:27:42.647 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
00:27:42.663 The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"

#4 narenxp

Posted 28 May 2012 - 04:13 AM

File C:\Windows\$NtUninstallKB44451$\2120197514 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\cfg.ini 301 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\L 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\oemid 116 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U 0 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\version 1267 bytes


You're infected by ZeroAccess. We need advanced tools.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
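
Added example, not part of narenxp's reply or of any tool named in this thread: a triage script that parses GMER "File ... N bytes" lines and flags the folder layout quoted in the reply above (a `$NtUninstallKB<digits>$` directory holding a numeric subfolder with an `@` file and `U\<8 hex digits>.@` entries). The matching rule is a heuristic assumed from those quoted lines; the function names are hypothetical, and the `spuninst` line in the sample is constructed.

```python
import re
from collections import defaultdict

# One entry of GMER's Files section: "File <path> <size> bytes"
LINE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
# A hotfix-uninstall-style folder followed by an all-digit subfolder.
ROOT_RE = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows\\\$NtUninstallKB\d+\$)"
    r"\\(?P<sub>\d+)(?:\\(?P<rest>.*))?$",
    re.IGNORECASE,
)
U_MODULE_RE = re.compile(r"U\\[0-9A-Fa-f]{8}\.@")

# Sample input: paths copied from the log in this thread, plus one
# constructed line (spuninst) standing in for a normal uninstall folder.
SAMPLE_LOG = r"""
File C:\Windows\$NtUninstallKB44451$\58044118\@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\cfg.ini 301 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB44451$\58044118\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB958644$\spuninst\spuninst.exe 231424 bytes
File C:\Windows\Temp\~DF13C6.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
"""

def parse_gmer_files(log_text):
    """Return (path, size) for every File line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("size"))))
    return entries

def flag_suspicious_roots(entries):
    """Map each flagged folder to the pattern elements seen inside it."""
    seen = defaultdict(set)
    for path, _size in entries:
        m = ROOT_RE.match(path)
        if not m:
            continue
        key = (m.group("root"), m.group("sub"))
        rest = m.group("rest") or ""
        if rest == "@":
            seen[key].add("marker")
        elif rest.lower() == "cfg.ini":
            seen[key].add("cfg")
        elif U_MODULE_RE.fullmatch(rest):
            seen[key].add("U-module")
        elif rest.startswith("L\\"):
            seen[key].add("L-entry")
    # Require both the '@' file and at least one U\*.@ entry (heuristic).
    return {
        root + "\\" + sub: sorted(tags)
        for (root, sub), tags in seen.items()
        if {"marker", "U-module"} <= tags
    }

if __name__ == "__main__":
    for folder, tags in flag_suspicious_roots(parse_gmer_files(SAMPLE_LOG)).items():
        print(folder, tags)
```

A hit is a reason to escalate the machine for specialist cleanup, as the reply does, not a verdict on its own.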



