
bad mail from my wife's computer


7 replies to this topic

#1 donel

Posted 25 May 2012 - 11:54 PM

Just finished a bad experience with Zero Access on my daughter's computer (not on my network). Now today my wife goes to an internet site because of an article by a regular columnist in our local paper urging readers to go to this site. My wife went there, looked around for a minute and left. Later today she went to her mailbox and found several emails that could not be delivered. These were old, outdated addresses. She sent none of them. The emails all said the same thing: "Hello, This is crazy go to this site -------" (not shown for obvious reasons). The site was the one she went to from the newspaper article. My email inbox showed 2 emails from her with the same info. We ran a scan with Malwarebytes and System Mechanic but found nothing. What happened? What damage was done? And what can we do about it?



#2 boopme


Posted 29 May 2012 - 01:19 PM

Hello, Probably an infected script on that web page. You should tell the newspaper about the problem so they can contact the webmaster.

Now I would say scan your machine. Probably a good idea to change your email password after.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 donel


Posted 30 May 2012 - 12:10 AM

Thanks for answering me. I just spent a month trying (with the help of Sweet Tech) to remove the Zero Access Rootkit from my daughter and son-in-law's computer. I kind of panicked. After posting and thinking about it, I did most of the steps you suggested.

1. I changed her email password from another computer. We don't keep passwords on the computer but we checked from another computer all the places where she uses passwords and changed them as well.
2. I ran System Mechanic's Virus checker and nothing was found. I ran the stand-alone scanning program Malwarebytes and it was clear, but I also downloaded and ran Ad-Aware. This scan is painfully slow but it found some indication of fake security Trojans. I eliminated them and ran another scan; this one was clean.
3. I downloaded and ran Mini Tool Box. The results follow:


MiniToolBox by Farbar Version: 14-01-2012
Ran by Janet (administrator) on 29-05-2012 at 21:45:31
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros L2 Fast Ethernet 10/100Base-T Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.64 metric=1 publish=Yes
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Janet-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100Base-T Controller
Physical Address. . . . . . . . . : 00-1B-FC-AA-12-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac7e:fcfd:ce70:c0ea%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 29, 2012 1:19:45 PM
Lease Expires . . . . . . . . . . : Wednesday, May 30, 2012 1:19:44 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234888188
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-47-32-D0-00-1B-FC-AA-12-CC
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1490:1e0c:9ca7:3b8b(Preferred)
Link-local IPv6 Address . . . . . : fe80::1490:1e0c:9ca7:3b8b%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.239.9
74.125.239.14
74.125.239.0
74.125.239.1
74.125.239.2
74.125.239.3
74.125.239.4
74.125.239.5
74.125.239.6
74.125.239.7
74.125.239.8


Pinging google.com [74.125.224.226] with 32 bytes of data:
Reply from 74.125.224.226: bytes=32 time=27ms TTL=52
Reply from 74.125.224.226: bytes=32 time=25ms TTL=52

Ping statistics for 74.125.224.226:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=41ms TTL=49
Reply from 72.30.38.140: bytes=32 time=50ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 50ms, Average = 45ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 1b fc aa 12 cc ......Atheros L2 Fast Ethernet 10/100Base-T Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.64 21
169.254.255.255 255.255.255.255 On-link 192.168.1.64 276
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.64 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:1490:1e0c:9ca7:3b8b/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1490:1e0c:9ca7:3b8b/128
On-link
10 276 fe80::ac7e:fcfd:ce70:c0ea/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 02 C:\Windows\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\iavlsp.dll [118784] (iolo technologies, LLC)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2012 03:12:52 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eec

Start Time: 01cd3b8c9bef79f7

Termination Time: 185

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/25/2012 11:56:12 AM) (Source: MsiInstaller) (User: Janet)Janet
Description: Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.

Error: (05/23/2012 04:41:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfffffffe
Faulting process id: 0x980
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/14/2012 05:32:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:44:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:43:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:41:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:41:52 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:41:49 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/10/2012 07:41:49 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (05/29/2012 01:19:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/29/2012 11:23:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/29/2012 09:49:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/26/2012 03:11:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/26/2012 09:07:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/26/2012 06:44:37 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/25/2012 09:36:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/24/2012 09:00:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/23/2012 10:54:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (05/22/2012 08:03:19 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk


Microsoft Office Sessions:
=========================
Error: (05/26/2012 03:12:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421eec01cd3b8c9bef79f7185C:\Program Files\Internet Explorer\iexplore.exe

Error: (05/25/2012 11:56:12 AM) (Source: MsiInstaller)(User: Janet)Janet
Description: Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/23/2012 04:41:19 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c0000005fffffffe98001cd3939776bd5b2C:\Program Files\Internet Explorer\iexplore.exeunknowncb1181f0-a530-11e1-ac2e-001bfcaa12cc

Error: (05/14/2012 05:32:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:44:00 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:43:59 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:41:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:41:52 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:41:49 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (05/10/2012 07:41:49 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


=========================== Installed Programs ============================

Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AVSDK5 (Version: 5.3.10)
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon MX410 series User Registration
Canon My Printer
Canon Solution Menu EX
Coupon Printer for Windows (Version: 5.0.0.1)
Driver Manager (Version: 7)
FileHippo.com Update Checker
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
HP Photosmart A530 Series (Version: 130.0.389.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
iolo technologies' System Mechanic Professional (Version: 10.8.5)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 Update 4 (Version: 7.0.40)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
OpenOffice.org 3.3 (Version: 3.3.9567)
Spybot - Search & Destroy (Version: 1.6.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
USB Sharing
WOT for Internet Explorer (Version: 11.11.7.0)
XnView 1.98.2 (Version: 1.98.2)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1015.24 MB
Available physical RAM: 492.79 MB
Total Pagefile: 2039.24 MB
Available Pagefile: 1026.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.03 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:753.24 GB) (Free:713.82 GB) NTFS
4 Drive e: () (Fixed) (Total:63.67 GB) (Free:31.5 GB) NTFS
5 Drive f: () (Removable) (Total:3.82 GB) (Free:3.5 GB) FAT32

========================= Users: ========================================

User accounts for \\JANET-PC

Administrator Guest Janet


**** End of log ****


The real irony of the tale is that I had added WOT to her and my computers, and that add-on clearly indicated that the site in the email was not to be trusted. My wife had been there just minutes before I added the program.
Please let me know if you find anything else wrong.

#4 boopme


Posted 30 May 2012 - 02:26 PM

Ok... We need to fix a couple loopholes first then run another tool and see if we get it.

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




Next.....

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

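Added example, not part of the thread and not code from MiniToolBox: the reply above prescribes `netsh winsock reset` and a Java clean-up after reading the posted Result.txt, without saying which lines prompted it. The Python sketch below parses the "Winsock entries" and "Installed Programs" sections of such a log and lists the entries a helper would look at; the triage rules (file not found, non-Microsoft vendor, more than one Java runtime) and all function names are assumptions made for this example.

```python
import re

# Excerpt of the Result.txt posted in this thread, trimmed to a few lines
# per section so the example stays short.
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\iavlsp.dll [118784] (iolo technologies, LLC)

=========================== Installed Programs ============================

Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 Update 4 (Version: 7.0.40)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
"""

# "==== Name: ====" headers; a bare "=====" separator line does not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
# "<catalog> <index> <path> [<size or 'File Not found'>] (<vendor>)"
# Catalog5 holds namespace providers, Catalog9 the protocol provider chain.
WINSOCK_RE = re.compile(
    r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*)\)\s*$")
# "Java 6 Update 22 ..." with or without a trademark marker after "Java".
JAVA_RE = re.compile(r"^Java(?:™|\(TM\))?\s+(\d+)\s+Update\s+(\d+)\b")


def split_sections(text):
    """Map each section header name to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def winsock_findings(lines):
    """Return (catalog, index, reason, path) for entries worth a second look."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, index, path, size, vendor = m.groups()
        if not size.isdigit():
            # The tool could not find the provider DLL on disk.
            findings.append((catalog, int(index), "file-not-found", path))
        elif vendor.strip() != "Microsoft Corporation":
            # Third-party provider in the catalog: not malicious by itself,
            # but it is what a catalog reset will remove.
            findings.append(
                (catalog, int(index), "third-party:" + vendor.strip(), path))
    return findings


def java_runtimes(lines):
    """Return (newest_installed, older) as (major, update) tuples."""
    found = set()
    for line in lines:
        m = JAVA_RE.match(line.strip())
        if m:
            found.add((int(m.group(1)), int(m.group(2))))
    ordered = sorted(found)
    # "Newest" means newest on this machine, not the latest release.
    return (ordered[-1] if ordered else None), ordered[:-1]


def review(log_text):
    """Run both checks over a full Result.txt and return the findings."""
    sections = split_sections(log_text)
    newest, older = java_runtimes(sections.get("Installed Programs", []))
    return {
        "winsock": winsock_findings(sections.get("Winsock entries", [])),
        "java_newest": newest,
        "java_older": older,
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for finding in report["winsock"]:
        print("winsock:", finding)
    print("java newest installed:", report["java_newest"])
    print("java older, candidates for removal:", report["java_older"])
```

`netsh winsock reset` returns the catalog to its default state, so a third-party provider listed here (the iolo entries in this log) has to be reinstalled by its own product afterwards.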

#5 donel


Posted 31 May 2012 - 11:25 AM

Boopme,

Here we go. I removed and reinstalled Java. It took a long time to uninstall but other than time, no problems. Rebooted and installed and ran GooredFix. No reboot needed. Text follows. Then installed and ran TDSSKiller per instructions. No items needed to be removed; text follows.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:32 on 30/05/2012 (Janet)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-


18:34:43.0366 5304 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:34:44.0094 5304 ============================================================
18:34:44.0094 5304 Current date / time: 2012/05/30 18:34:44.0094
18:34:44.0094 5304 SystemInfo:
18:34:44.0094 5304
18:34:44.0094 5304 OS Version: 6.1.7601 ServicePack: 1.0
18:34:44.0094 5304 Product type: Workstation
18:34:44.0094 5304 ComputerName: JANET-PC
18:34:44.0094 5304 UserName: Janet
18:34:44.0094 5304 Windows directory: C:\Windows
18:34:44.0094 5304 System windows directory: C:\Windows
18:34:44.0094 5304 Processor architecture: Intel x86
18:34:44.0094 5304 Number of processors: 2
18:34:44.0094 5304 Page size: 0x1000
18:34:44.0094 5304 Boot type: Normal boot
18:34:44.0094 5304 ============================================================
18:34:46.0029 5304 Drive \Device\Harddisk1\DR1 - Size: 0xBC5584C000 (753.34 Gb), SectorSize: 0x200, Cylinders: 0x5AA07, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:34:46.0029 5304 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:34:46.0037 5304 Drive \Device\Harddisk3\DR3 - Size: 0xF4FD1A00 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:34:46.0038 5304 ============================================================
18:34:46.0038 5304 \Device\Harddisk1\DR1:
18:34:46.0038 5304 MBR partitions:
18:34:46.0038 5304 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:34:46.0038 5304 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5E279000
18:34:46.0038 5304 \Device\Harddisk0\DR0:
18:34:46.0038 5304 MBR partitions:
18:34:46.0038 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7F58A39
18:34:46.0038 5304 \Device\Harddisk3\DR3:
18:34:46.0039 5304 MBR partitions:
18:34:46.0039 5304 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A7E4E
18:34:46.0039 5304 ============================================================
18:34:46.0061 5304 C: <-> \Device\Harddisk1\DR1\Partition1
18:34:46.0100 5304 E: <-> \Device\Harddisk0\DR0\Partition0
18:34:46.0100 5304 ============================================================
18:34:46.0100 5304 Initialize success
18:34:46.0100 5304 ============================================================
18:35:24.0923 5524 ============================================================
18:35:24.0923 5524 Scan started
18:35:24.0923 5524 Mode: Manual; TDLFS;
18:35:24.0923 5524 ============================================================
18:35:43.0295 5524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:43.0317 5524 Rasl2tp - ok
18:35:43.0385 5524 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:35:43.0441 5524 RasMan - ok
18:35:43.0467 5524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:43.0489 5524 RasPppoe - ok
18:35:43.0527 5524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:35:43.0555 5524 RasSstp - ok
18:35:43.0588 5524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:35:43.0621 5524 rdbss - ok
18:35:43.0647 5524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:43.0676 5524 rdpbus - ok
18:35:43.0701 5524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:43.0728 5524 RDPCDD - ok
18:35:43.0748 5524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:35:43.0767 5524 RDPENCDD - ok
18:35:43.0780 5524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:35:43.0814 5524 RDPREFMP - ok
18:35:43.0855 5524 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:35:43.0873 5524 RDPWD - ok
18:35:43.0912 5524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:35:43.0945 5524 rdyboost - ok
18:35:43.0978 5524 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:35:44.0010 5524 RemoteAccess - ok
18:35:44.0042 5524 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:35:44.0089 5524 RemoteRegistry - ok
18:35:44.0135 5524 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:35:44.0139 5524 RpcEptMapper - ok
18:35:44.0173 5524 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:35:44.0191 5524 RpcLocator - ok
18:35:44.0245 5524 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:35:44.0251 5524 RpcSs - ok
18:35:44.0272 5524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:35:44.0305 5524 rspndr - ok
18:35:44.0349 5524 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:35:44.0351 5524 SamSs - ok
18:35:44.0590 5524 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
18:35:44.0855 5524 SBAMSvc - ok
18:35:44.0965 5524 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys
18:35:45.0003 5524 sbapifs - ok
18:35:45.0030 5524 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
18:35:45.0061 5524 SbFw - ok
18:35:45.0100 5524 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
18:35:45.0117 5524 SBFWIMCL - ok
18:35:45.0122 5524 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
18:35:45.0124 5524 SBFWIMCLMP - ok
18:35:45.0150 5524 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
18:35:45.0176 5524 sbhips - ok
18:35:45.0234 5524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:35:45.0265 5524 sbp2port - ok
18:35:45.0287 5524 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
18:35:45.0335 5524 SBRE - ok
18:35:45.0497 5524 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
18:35:45.0594 5524 SBSDWSCService - ok
18:35:45.0628 5524 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
18:35:45.0644 5524 sbwtis - ok
18:35:45.0682 5524 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:35:45.0704 5524 SCardSvr - ok
18:35:45.0745 5524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:35:45.0774 5524 scfilter - ok
18:35:45.0832 5524 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:35:45.0908 5524 Schedule - ok
18:35:45.0933 5524 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:35:45.0936 5524 SCPolicySvc - ok
18:35:45.0985 5524 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:35:46.0027 5524 SDRSVC - ok
18:35:46.0067 5524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:35:46.0101 5524 secdrv - ok
18:35:46.0120 5524 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:35:46.0136 5524 seclogon - ok
18:35:46.0158 5524 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:35:46.0162 5524 SENS - ok
18:35:46.0189 5524 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:35:46.0226 5524 SensrSvc - ok
18:35:46.0249 5524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:35:46.0280 5524 Serenum - ok
18:35:46.0300 5524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:35:46.0333 5524 Serial - ok
18:35:46.0366 5524 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:35:46.0395 5524 sermouse - ok
18:35:46.0434 5524 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:35:46.0438 5524 SessionEnv - ok
18:35:46.0476 5524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:35:46.0490 5524 sffdisk - ok
18:35:46.0495 5524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:35:46.0533 5524 sffp_mmc - ok
18:35:46.0540 5524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:35:46.0596 5524 sffp_sd - ok
18:35:46.0621 5524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:46.0645 5524 sfloppy - ok
18:35:46.0690 5524 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:35:46.0717 5524 SharedAccess - ok
18:35:46.0767 5524 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:35:46.0772 5524 ShellHWDetection - ok
18:35:46.0793 5524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:35:46.0810 5524 sisagp - ok
18:35:46.0844 5524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:46.0872 5524 SiSRaid2 - ok
18:35:46.0891 5524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:46.0921 5524 SiSRaid4 - ok
18:35:46.0942 5524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:35:46.0982 5524 Smb - ok
18:35:47.0028 5524 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:35:47.0197 5524 SNMPTRAP - ok
18:35:47.0202 5524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:35:47.0225 5524 spldr - ok
18:35:47.0271 5524 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:35:47.0282 5524 Spooler - ok
18:35:47.0454 5524 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:35:47.0530 5524 sppsvc - ok
18:35:47.0634 5524 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:35:47.0667 5524 sppuinotify - ok
18:35:47.0708 5524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:35:47.0728 5524 srv - ok
18:35:47.0768 5524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:35:47.0792 5524 srv2 - ok
18:35:47.0840 5524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:35:47.0881 5524 srvnet - ok
18:35:47.0913 5524 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:35:47.0939 5524 SSDPSRV - ok
18:35:47.0966 5524 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:35:47.0989 5524 SstpSvc - ok
18:35:48.0016 5524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:35:48.0050 5524 stexstor - ok
18:35:48.0130 5524 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:35:48.0183 5524 StiSvc - ok
18:35:48.0219 5524 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:35:48.0259 5524 swenum - ok
18:35:48.0289 5524 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:35:48.0339 5524 swprv - ok
18:35:48.0406 5524 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:35:48.0431 5524 SysMain - ok
18:35:48.0472 5524 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:35:48.0511 5524 TabletInputService - ok
18:35:48.0546 5524 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:35:48.0575 5524 TapiSrv - ok
18:35:48.0615 5524 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:35:48.0653 5524 TBS - ok
18:35:48.0778 5524 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
18:35:48.0845 5524 Tcpip - ok
18:35:48.0873 5524 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
18:35:48.0884 5524 TCPIP6 - ok
18:35:48.0934 5524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:35:48.0954 5524 tcpipreg - ok
18:35:48.0989 5524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:35:49.0023 5524 TDPIPE - ok
18:35:49.0045 5524 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:35:49.0060 5524 TDTCP - ok
18:35:49.0102 5524 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:35:49.0138 5524 tdx - ok
18:35:49.0160 5524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:35:49.0174 5524 TermDD - ok
18:35:49.0233 5524 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:35:49.0240 5524 TermService - ok
18:35:49.0252 5524 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:35:49.0257 5524 Themes - ok
18:35:49.0287 5524 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:35:49.0291 5524 THREADORDER - ok
18:35:49.0317 5524 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:35:49.0322 5524 TrkWks - ok
18:35:49.0381 5524 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:35:49.0722 5524 TrustedInstaller - ok
18:35:49.0764 5524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:35:49.0779 5524 tssecsrv - ok
18:35:49.0810 5524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:35:49.0830 5524 TsUsbFlt - ok
18:35:49.0879 5524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:35:49.0919 5524 tunnel - ok
18:35:49.0953 5524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:35:49.0983 5524 uagp35 - ok
18:35:50.0024 5524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:35:50.0059 5524 udfs - ok
18:35:50.0086 5524 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:35:50.0123 5524 UI0Detect - ok
18:35:50.0151 5524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:35:50.0184 5524 uliagpkx - ok
18:35:50.0216 5524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:35:50.0231 5524 umbus - ok
18:35:50.0236 5524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:35:50.0265 5524 UmPass - ok
18:35:50.0296 5524 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:35:50.0319 5524 upnphost - ok
18:35:50.0346 5524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:35:50.0362 5524 usbccgp - ok
18:35:50.0393 5524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:35:50.0410 5524 usbcir - ok
18:35:50.0420 5524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:35:50.0450 5524 usbehci - ok
18:35:50.0482 5524 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:35:50.0506 5524 usbhub - ok
18:35:50.0523 5524 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:35:50.0554 5524 usbohci - ok
18:35:50.0574 5524 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:35:50.0604 5524 usbprint - ok
18:35:50.0645 5524 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:35:50.0679 5524 usbscan - ok
18:35:50.0705 5524 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:35:50.0722 5524 USBSTOR - ok
18:35:50.0735 5524 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:35:50.0772 5524 usbuhci - ok
18:35:50.0801 5524 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:35:50.0805 5524 UxSms - ok
18:35:50.0850 5524 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:35:50.0853 5524 VaultSvc - ok
18:35:50.0865 5524 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:35:50.0892 5524 vdrvroot - ok
18:35:50.0944 5524 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:35:51.0011 5524 vds - ok
18:35:51.0038 5524 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:35:51.0066 5524 vga - ok
18:35:51.0091 5524 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:35:51.0123 5524 VgaSave - ok
18:35:51.0162 5524 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:35:51.0191 5524 vhdmp - ok
18:35:51.0223 5524 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:35:51.0238 5524 viaagp - ok
18:35:51.0255 5524 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:35:51.0285 5524 ViaC7 - ok
18:35:51.0301 5524 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:35:51.0325 5524 viaide - ok
18:35:51.0355 5524 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:35:51.0382 5524 volmgr - ok
18:35:51.0415 5524 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:35:51.0454 5524 volmgrx - ok
18:35:51.0482 5524 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:35:51.0537 5524 volsnap - ok
18:35:51.0612 5524 vseamps (9ba46ed5fc55ce97aa7bbbe273f1b1e3) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
18:35:52.0192 5524 vseamps - ok
18:35:52.0209 5524 vsedsps (37708f105e90b0ff29dca7cfdc748c70) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
18:35:52.0771 5524 vsedsps - ok
18:35:52.0842 5524 vseqrts (994a1ab4cbeb530678f0d27cecee50ac) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
18:35:53.0787 5524 vseqrts - ok
18:35:53.0818 5524 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:35:53.0856 5524 vsmraid - ok
18:35:53.0928 5524 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:35:53.0960 5524 VSS - ok
18:35:53.0970 5524 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:35:53.0998 5524 vwifibus - ok
18:35:54.0046 5524 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:35:54.0052 5524 W32Time - ok
18:35:54.0068 5524 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:35:54.0120 5524 WacomPen - ok
18:35:54.0165 5524 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:35:54.0193 5524 WANARP - ok
18:35:54.0197 5524 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:35:54.0199 5524 Wanarpv6 - ok
18:35:54.0303 5524 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:35:54.0427 5524 WatAdminSvc - ok
18:35:54.0498 5524 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:35:54.0590 5524 wbengine - ok
18:35:54.0615 5524 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:35:54.0663 5524 WbioSrvc - ok
18:35:54.0703 5524 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:35:54.0731 5524 wcncsvc - ok
18:35:54.0759 5524 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:35:54.0807 5524 WcsPlugInService - ok
18:35:54.0853 5524 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:35:54.0888 5524 Wd - ok
18:35:54.0933 5524 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:35:54.0967 5524 Wdf01000 - ok
18:35:54.0988 5524 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:35:54.0994 5524 WdiServiceHost - ok
18:35:54.0998 5524 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:35:55.0003 5524 WdiSystemHost - ok
18:35:55.0051 5524 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:35:55.0104 5524 WebClient - ok
18:35:55.0133 5524 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:35:55.0172 5524 Wecsvc - ok
18:35:55.0199 5524 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:35:55.0203 5524 wercplsupport - ok
18:35:55.0222 5524 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:35:55.0228 5524 WerSvc - ok
18:35:55.0248 5524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:35:55.0280 5524 WfpLwf - ok
18:35:55.0300 5524 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:35:55.0327 5524 WIMMount - ok
18:35:55.0417 5524 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:35:55.0481 5524 WinDefend - ok
18:35:55.0488 5524 WinHttpAutoProxySvc - ok
18:35:55.0566 5524 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:35:55.0614 5524 Winmgmt - ok
18:35:55.0711 5524 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:35:55.0725 5524 WinRM - ok
18:35:55.0778 5524 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:35:55.0827 5524 Wlansvc - ok
18:35:55.0888 5524 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:35:55.0916 5524 WmiAcpi - ok
18:35:55.0946 5524 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:35:56.0004 5524 wmiApSrv - ok
18:35:56.0079 5524 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:35:56.0109 5524 WMPNetworkSvc - ok
18:35:56.0126 5524 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:35:56.0156 5524 WPCSvc - ok
18:35:56.0192 5524 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:35:56.0210 5524 WPDBusEnum - ok
18:35:56.0251 5524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:35:56.0283 5524 ws2ifsl - ok
18:35:56.0307 5524 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:35:56.0311 5524 wscsvc - ok
18:35:56.0316 5524 WSearch - ok
18:35:56.0446 5524 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:35:56.0482 5524 wuauserv - ok
18:35:56.0570 5524 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:35:56.0607 5524 WudfPf - ok
18:35:56.0669 5524 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:35:56.0723 5524 WUDFRd - ok
18:35:56.0786 5524 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:35:56.0832 5524 wudfsvc - ok
18:35:56.0862 5524 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:35:56.0908 5524 WwanSvc - ok
18:35:56.0933 5524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:35:57.0167 5524 \Device\Harddisk1\DR1 - ok
18:35:57.0178 5524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:35:57.0568 5524 \Device\Harddisk0\DR0 - ok
18:35:57.0574 5524 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR3
18:35:57.0705 5524 \Device\Harddisk3\DR3 - ok
18:35:57.0718 5524 Boot (0x1200) (2f0286bff7ea190fdf6912468d168f9d) \Device\Harddisk1\DR1\Partition0
18:35:57.0719 5524 \Device\Harddisk1\DR1\Partition0 - ok
18:35:57.0737 5524 Boot (0x1200) (bfac1bdc347c5ba510dc17453c606827) \Device\Harddisk1\DR1\Partition1
18:35:57.0738 5524 \Device\Harddisk1\DR1\Partition1 - ok
18:35:57.0742 5524 Boot (0x1200) (452e79342dd2b7288eb54b283a6b2356) \Device\Harddisk0\DR0\Partition0
18:35:57.0743 5524 \Device\Harddisk0\DR0\Partition0 - ok
18:35:57.0749 5524 Boot (0x1200) (7f38da5b0dbdbe97feb8c44da0e629e8) \Device\Harddisk3\DR3\Partition0
18:35:57.0751 5524 \Device\Harddisk3\DR3\Partition0 - ok
18:35:57.0751 5524 ============================================================
18:35:57.0751 5524 Scan finished
18:35:57.0751 5524 ============================================================
18:35:57.0763 3588 Detected object count: 0
18:35:57.0763 3588 Actual detected object count: 0
18:36:37.0033 5252 Deinitialize success

Is the machine clean? How do I set up protection to assure maximum protection?

Donel

#6 boopme

Posted 01 June 2012 - 09:17 PM

Hello. Looks clear.
Uninstall this: Java™ 6 Update 22 (Version: 6.0.220). Old versions are exploitable by malware.

I don't feel you need these, or would replace them with one tool that's better.
Free SUPERAntiSpyware or buy for $20

Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Spybot - Search & Destroy (Version: 1.6.2)
These tend to have a poorer detection rate and slow some machines.

Are you on a router? wired or wireless? If so you should have a strong password on it.
change my router's password?

#7 donel

Posted 01 June 2012 - 10:57 PM

Boopme,
Thanks for your help. Java 6 22 has been uninstalled. I will look into SuperAntiSpyware. I have a mixed system. Some computers are hard wired because they are close to the router, but the laptop, my tablet and printer are wireless, and yes, there are strong passwords in place. We are glad to have you superheroes to defend us against the evil-terrorist mal-ware bombers, and that's not a joke.
Thanks again

Donel

#8 boopme

Posted 02 June 2012 - 08:24 PM

You're welcome and thanks.

Now you should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
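The restore-point steps in the post above can also be scripted from an elevated Windows PowerShell prompt. This is an added example, not part of the original post. It assumes Windows PowerShell (not PowerShell 7) on a client edition of Windows with System Restore enabled on the system drive; the description string and the `SysRestore.Native` wrapper name are made up for illustration.

```powershell
# Added example: create a fresh restore point after cleanup, then remove
# every older restore point so a pre-cleanup snapshot cannot be restored.

# Refuse to run without administrator rights (System Restore needs them).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script from an elevated Windows PowerShell prompt.'
    return
}

# Constructed label for the new restore point.
$description = 'Clean state after malware removal'

# P/Invoke wrapper around the System Restore API that deletes one restore
# point by sequence number. The namespace and class name are hypothetical.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int index);
'@

function Get-NewestSequence {
    # Highest existing restore point sequence number, or 0 when none exist.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { return 0 }
    return ($points | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

$before = Get-NewestSequence
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS
$after = Get-NewestSequence

# On Windows 8 and later, Checkpoint-Computer only warns and creates nothing
# if a restore point was already made within the last 24 hours. Deleting the
# older points in that case would leave no known-clean snapshot, so stop.
if ($after -le $before) {
    Write-Warning 'No new restore point was created; older points were left in place.'
    return
}

# Remove everything older than the point that was just created.
$older = @(Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -lt $after })
foreach ($point in $older) {
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([int]$point.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed restore point {0}: {1}" -f $point.SequenceNumber, $point.Description)
    } else {
        Write-Warning ("Could not remove restore point {0} (error {1})" -f $point.SequenceNumber, $rc)
    }
}

# Show what is left; only the new restore point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

The before/after comparison is the important check: older restore points are deleted only once a new one is confirmed to exist.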



