
services problem


  • This topic is locked
20 replies to this topic

#1 Raw Joe


Posted 03 June 2012 - 01:18 AM

Farbar Service Scanner Version: 27-05-2012
Ran by Rojo (administrator) on 02-06-2012 at 16:03:58
Running from "C:\Documents and Settings\Rojo\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/15/2012 1:02:41 AM
System Uptime: 6/2/2012 4:46:48 PM (9 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 347.584 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 28.123 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458A002&REV_1000\4&24734D84&0&0201
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458A002&REV_1000\4&24734D84&0&0201
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Active@ ISO Burner
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Alan Wake
ARMA 2
ARMA 2: Operation Arrowhead
Avira Free Antivirus
Battlefield 2
BattlEye Uninstall
Counter-Strike: Source
DAEMON Tools Lite
DiRT 3
DisplayFusion 4.0
Energy Saver Advance B8.0520.1
ESET Online Scanner v3
F1 2011
GRID
Guild Wars
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HT OMEGA STRIKER7.1
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
MotoHelper 2.1.40 Driver 5.5.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.5.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenAL
Rapture3D 2.4.9 Game
Razer DeathAdder™ Mouse
Razer Lycosa
REALTEK GbE & FE Ethernet PCI-E NIC Driver
rFactor (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Star wars Battlefront II version 1.3
Steam
TeamSpeak 3 Client
Titan Quest
TrackMania Nations Forever
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.1
Warcraft III Reign of Chaos & The Frozen Throne
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinSetupFromUSB
WinToFlash Suggestor
Xfire (remove only)
.
==== End Of File ===========================


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Rojo at 1:15:24 on 2012-06-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1212 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\Razer Lycosa\razerhid.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Razer\Razer Lycosa\razertra.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Rojo\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: WinToFlash Suggestor: {fc36b0bd-27f0-4cdd-8ab1-50651efc3efd} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [Lycosa] "c:\program files\razer\razer lycosa\razerhid.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - c:\program files\wintoflash suggestor\WinToFlashSuggestor.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.173.40.31 10.173.40.33 168.215.210.50 64.132.94.250
TCP: Interfaces\{1A9DAF9C-24CB-4E40-BC94-1A1706FBF3FC} : DhcpNameServer = 10.173.40.31 10.173.40.33 168.215.210.50 64.132.94.250
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rojo\application data\mozilla\firefox\profiles\rw8hxt6u.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-15 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-15 83392]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2012-3-15 80392]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-5-22 105288]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-1 214896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-15 2348352]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2012-3-16 22784]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2012-3-16 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 257696]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-4-11 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-4-11 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-4-11 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-4-11 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-4-11 23808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-29 18:49:49 -------- d-----w- c:\program files\ESET
2012-05-23 23:00:38 -------- d-----w- c:\documents and settings\rojo\local settings\application data\Sun
2012-05-23 22:59:30 -------- d-----w- c:\program files\Oracle
2012-05-23 22:59:21 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 22:59:21 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 22:59:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-22 14:23:22 -------- d-----w- c:\program files\HitmanPro
2012-05-22 14:23:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-22 03:02:49 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2012-05-22 03:02:49 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2012-05-22 01:16:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 18:58:50 -------- d-----w- c:\documents and settings\rojo\local settings\application data\ArmA 2 OA
2012-05-15 15:14:08 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-05-15 15:14:08 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-05-15 15:14:06 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2012-05-15 15:14:06 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-05-15 15:14:05 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2012-05-15 15:14:05 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-05-15 15:14:04 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-05-15 15:14:03 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2012-05-15 15:14:03 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-05-15 15:14:01 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-05-15 15:14:01 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-05-15 15:14:00 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2012-05-15 15:14:00 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-05-15 15:13:58 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2012-05-15 15:13:58 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-05-15 15:13:35 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-05-15 15:13:35 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-05-15 15:13:35 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-05-15 15:13:35 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-15 15:13:33 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-05-10 02:12:31 -------- d-----w- c:\documents and settings\rojo\application data\TS3Client
2012-05-10 02:12:09 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-05-10 02:07:02 809560 ----a-r- c:\windows\system32\tmp166.tmp
2012-05-10 02:07:02 809560 ----a-r- c:\windows\system32\tmp165.tmp
2012-05-09 04:57:43 -------- d-----w- c:\program files\Guild Wars
2012-05-09 04:45:41 -------- d-----w- c:\documents and settings\rojo\local settings\application data\Identities
2012-05-05 16:58:31 -------- d-sh--w- c:\documents and settings\rojo\application data\Common
.
==================== Find3M ====================
.
2012-06-02 20:48:14 16608 ----a-w- c:\windows\gdrv.sys
2012-05-10 02:07:02 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-10 02:07:02 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-09 03:16:06 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-04 22:27:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 22:27:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 02:54:46 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 17:57:14 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-15 06:19:16 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-15 06:19:16 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-15 06:19:14 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 1:15:51.07 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-03 02:15:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7 WDC_WD1001FALS-41Y6A0 rev.05.03D06
Running: 59ffg2o0.exe; Driver: C:\DOCUME~1\Rojo\LOCALS~1\Temp\pwlcyuow.sys


---- System - GMER 1.0.15 ----

SSDT B87CAD74 ZwClose
SSDT B87CAD2E ZwCreateKey
SSDT B87CAD7E ZwCreateSection
SSDT B87CAD24 ZwCreateThread
SSDT B87CAD33 ZwDeleteKey
SSDT B87CAD3D ZwDeleteValueKey
SSDT B87CAD6F ZwDuplicateObject
SSDT B87CAD42 ZwLoadKey
SSDT B87CAD10 ZwOpenProcess
SSDT B87CAD15 ZwOpenThread
SSDT B87CAD97 ZwQueryValueKey
SSDT B87CAD4C ZwReplaceKey
SSDT B87CAD88 ZwRequestWaitReplyPort
SSDT B87CAD47 ZwRestoreKey
SSDT B87CAD83 ZwSetContextThread
SSDT B87CAD8D ZwSetSecurityObject
SSDT B87CAD38 ZwSetValueKey
SSDT B87CAD92 ZwSystemDebugControl
SSDT B87CAD1F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70EC3C0, 0x95B7EA, 0xE8000020]
? C:\DOCUME~1\Rojo\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[85288] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[85608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0121C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[85608] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[85608] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[85608] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0144E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 19752
Process hidden process (*** hidden *** ) 20072
Process hidden process (*** hidden *** ) 56208
Process hidden process (*** hidden *** ) 58672
Process hidden process (*** hidden *** ) 60064
Process hidden process (*** hidden *** ) 60072
Process hidden process (*** hidden *** ) 60536

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

continuation of http://www.bleepingcomputer.com/forums/topic455595.html/page__p__2717692__fromsearch__1#entry2717692

Edited by hamluis, 03 June 2012 - 05:50 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.




#2 HelpBot


Posted 08 June 2012 - 09:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/455722 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:24 PM

Posted 09 June 2012 - 06:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review and let me know the nature of your problems.

#4 Raw Joe

Raw Joe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 10 June 2012 - 03:50 PM

This is some bowlbleep, I already did the tdsskiller scan and it didn't find anything. My issue is that there's some evil little malware demon blood in my computer and it's interfering with my connectivity and probably taking naked pictures of me when I'm in the shower and sending them to Russia. I randomly stop being able to receive packets but if I unplug my ethernet cable for a bit and reconnect it I can regain connectivity for a random period of time. Some guy in my original thread said that there were some services not running based on the initial logs I posted and while I'm not completely oblivious to computer knowledge I'm not malware savvy enough to know exactly what's in my system or how to get rid of it. Anyways here's more logs to me getting told to do the same things that never work, and if I seem frustrated it's not at whoever's kind enough to take the time to help me but at this situation as a whole mostly because a former friend of mine refuses to use his magical IT powers to help me beyond saying "lol stop clicking stuff and reformat", because reformatting never works for long before the issues come back.

16:33:01.0203 3496 RPCQT - ok
16:33:01.0234 3496 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:33:01.0234 3496 RpcSs - ok
16:33:01.0234 3496 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:33:01.0250 3496 RSVP - ok
16:33:01.0265 3496 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:33:01.0281 3496 RTLE8023xp - ok
16:33:01.0281 3496 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:33:01.0281 3496 SamSs - ok
16:33:01.0281 3496 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:33:01.0281 3496 SCardSvr - ok
16:33:01.0296 3496 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:33:01.0312 3496 Schedule - ok
16:33:01.0328 3496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:33:01.0328 3496 Secdrv - ok
16:33:01.0328 3496 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:33:01.0343 3496 seclogon - ok
16:33:01.0343 3496 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:33:01.0359 3496 SENS - ok
16:33:01.0359 3496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:33:01.0375 3496 serenum - ok
16:33:01.0375 3496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:33:01.0390 3496 Serial - ok
16:33:01.0390 3496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:33:01.0390 3496 Sfloppy - ok
16:33:01.0437 3496 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:33:01.0437 3496 SharedAccess - ok
16:33:01.0468 3496 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:33:01.0468 3496 ShellHWDetection - ok
16:33:01.0468 3496 Simbad - ok
16:33:01.0500 3496 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:33:01.0500 3496 SLIP - ok
16:33:01.0500 3496 Sparrow - ok
16:33:01.0515 3496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:33:01.0515 3496 splitter - ok
16:33:01.0531 3496 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:33:01.0531 3496 Spooler - ok
16:33:01.0531 3496 sptd - ok
16:33:01.0546 3496 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:33:01.0562 3496 sr - ok
16:33:01.0562 3496 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:33:01.0578 3496 srservice - ok
16:33:01.0593 3496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:33:01.0593 3496 Srv - ok
16:33:01.0625 3496 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:33:01.0625 3496 SSDPSRV - ok
16:33:01.0656 3496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:33:01.0656 3496 ssmdrv - ok
16:33:01.0687 3496 Steam Client Service - ok
16:33:01.0718 3496 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:33:01.0718 3496 stisvc - ok
16:33:01.0750 3496 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:33:01.0750 3496 streamip - ok
16:33:01.0765 3496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:33:01.0765 3496 swenum - ok
16:33:01.0765 3496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:33:01.0781 3496 swmidi - ok
16:33:01.0781 3496 SwPrv - ok
16:33:01.0781 3496 symc810 - ok
16:33:01.0781 3496 symc8xx - ok
16:33:01.0781 3496 sym_hi - ok
16:33:01.0781 3496 sym_u3 - ok
16:33:01.0796 3496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:33:01.0812 3496 sysaudio - ok
16:33:01.0812 3496 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:33:01.0812 3496 SysmonLog - ok
16:33:01.0843 3496 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:33:01.0859 3496 TapiSrv - ok
16:33:01.0890 3496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:33:01.0906 3496 Tcpip - ok
16:33:01.0921 3496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:33:01.0937 3496 TDPIPE - ok
16:33:01.0937 3496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:33:01.0937 3496 TDTCP - ok
16:33:01.0953 3496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:33:01.0953 3496 TermDD - ok
16:33:01.0984 3496 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:33:01.0984 3496 TermService - ok
16:33:02.0000 3496 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:33:02.0000 3496 Themes - ok
16:33:02.0031 3496 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:33:02.0046 3496 TlntSvr - ok
16:33:02.0046 3496 TosIde - ok
16:33:02.0062 3496 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:33:02.0062 3496 TrkWks - ok
16:33:02.0078 3496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:33:02.0093 3496 Udfs - ok
16:33:02.0093 3496 ultra - ok
16:33:02.0109 3496 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:33:02.0109 3496 UMWdf - ok
16:33:02.0156 3496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:33:02.0171 3496 Update - ok
16:33:02.0187 3496 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:33:02.0187 3496 upnphost - ok
16:33:02.0187 3496 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:33:02.0203 3496 UPS - ok
16:33:02.0218 3496 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:33:02.0234 3496 usbaudio - ok
16:33:02.0250 3496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:33:02.0250 3496 usbccgp - ok
16:33:02.0250 3496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:33:02.0265 3496 usbehci - ok
16:33:02.0281 3496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:33:02.0281 3496 usbhub - ok
16:33:02.0296 3496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:33:02.0296 3496 USBSTOR - ok
16:33:02.0296 3496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:33:02.0296 3496 usbuhci - ok
16:33:02.0312 3496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:33:02.0328 3496 VgaSave - ok
16:33:02.0328 3496 ViaIde - ok
16:33:02.0328 3496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:33:02.0328 3496 VolSnap - ok
16:33:02.0359 3496 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:33:02.0359 3496 VSS - ok
16:33:02.0375 3496 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:33:02.0390 3496 W32Time - ok
16:33:02.0406 3496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:33:02.0421 3496 Wanarp - ok
16:33:02.0453 3496 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:33:02.0468 3496 Wdf01000 - ok
16:33:02.0468 3496 WDICA - ok
16:33:02.0500 3496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:33:02.0515 3496 wdmaud - ok
16:33:02.0515 3496 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:33:02.0531 3496 WebClient - ok
16:33:02.0593 3496 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:33:02.0609 3496 winmgmt - ok
16:33:02.0734 3496 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:33:02.0781 3496 wlidsvc - ok
16:33:02.0843 3496 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
16:33:02.0859 3496 WmdmPmSN - ok
16:33:02.0906 3496 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:33:02.0906 3496 Wmi - ok
16:33:02.0921 3496 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:33:02.0921 3496 WmiApSrv - ok
16:33:02.0937 3496 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:33:02.0937 3496 WpdUsb - ok
16:33:03.0046 3496 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:33:03.0078 3496 WPFFontCache_v0400 - ok
16:33:03.0093 3496 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:33:03.0109 3496 wscsvc - ok
16:33:03.0125 3496 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:33:03.0125 3496 WSTCODEC - ok
16:33:03.0156 3496 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:33:03.0156 3496 wuauserv - ok
16:33:03.0187 3496 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:33:03.0203 3496 WZCSVC - ok
16:33:03.0234 3496 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:33:03.0265 3496 xmlprov - ok
16:33:03.0296 3496 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
16:33:03.0312 3496 xusb21 - ok
16:33:03.0328 3496 MBR (0x1B8) (f46767ae2998ea7510ca3750adfc1357) \Device\Harddisk1\DR1
16:33:03.0328 3496 \Device\Harddisk1\DR1 - ok
16:33:03.0343 3496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:33:03.0562 3496 \Device\Harddisk0\DR0 - ok
16:33:03.0562 3496 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk2\DR4
16:33:03.0578 3496 \Device\Harddisk2\DR4 - ok
16:33:03.0578 3496 Boot (0x1200) (515731da378e95f96b600cf2b91ce3b8) \Device\Harddisk1\DR1\Partition0
16:33:03.0578 3496 \Device\Harddisk1\DR1\Partition0 - ok
16:33:03.0578 3496 Boot (0x1200) (4eb326236100c75482d16280ec6a4f4d) \Device\Harddisk0\DR0\Partition0
16:33:03.0578 3496 \Device\Harddisk0\DR0\Partition0 - ok
16:33:03.0578 3496 Boot (0x1200) (0fce75897cc71d971c3ea8618f8f2aa5) \Device\Harddisk2\DR4\Partition0
16:33:03.0578 3496 \Device\Harddisk2\DR4\Partition0 - ok
16:33:03.0578 3496 ============================================================
16:33:03.0578 3496 Scan finished
16:33:03.0578 3496 ============================================================
16:33:03.0593 3388 Detected object count: 0
16:33:03.0593 3388 Actual detected object count: 0
16:33:08.0546 1556 ============================================================
16:33:08.0546 1556 Scan started
16:33:08.0546 1556 Mode: Manual;
16:33:08.0546 1556 ============================================================
16:33:09.0093 1556 Abiosdsk - ok
16:33:09.0093 1556 abp480n5 - ok
16:33:09.0109 1556 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:33:09.0109 1556 ACPI - ok
16:33:09.0140 1556 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:33:09.0140 1556 ACPIEC - ok
16:33:09.0171 1556 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:33:09.0171 1556 AdobeFlashPlayerUpdateSvc - ok
16:33:09.0171 1556 adpu160m - ok
16:33:09.0203 1556 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:33:09.0203 1556 aec - ok
16:33:09.0234 1556 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:33:09.0234 1556 AFD - ok
16:33:09.0234 1556 Aha154x - ok
16:33:09.0234 1556 aic78u2 - ok
16:33:09.0234 1556 aic78xx - ok
16:33:09.0250 1556 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:33:09.0250 1556 Alerter - ok
16:33:09.0265 1556 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:33:09.0265 1556 ALG - ok
16:33:09.0265 1556 AliIde - ok
16:33:09.0265 1556 amsint - ok
16:33:09.0328 1556 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:33:09.0328 1556 AntiVirSchedulerService - ok
16:33:09.0343 1556 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:33:09.0343 1556 AntiVirService - ok
16:33:09.0375 1556 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:33:09.0375 1556 AppMgmt - ok
16:33:09.0375 1556 asc - ok
16:33:09.0390 1556 asc3350p - ok
16:33:09.0390 1556 asc3550 - ok
16:33:09.0437 1556 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:33:09.0437 1556 aspnet_state - ok
16:33:09.0453 1556 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:33:09.0453 1556 AsyncMac - ok
16:33:09.0453 1556 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:33:09.0468 1556 atapi - ok
16:33:09.0468 1556 Atdisk - ok
16:33:09.0484 1556 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:33:09.0484 1556 Atmarpc - ok
16:33:09.0500 1556 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:33:09.0500 1556 AudioSrv - ok
16:33:09.0515 1556 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:33:09.0515 1556 audstub - ok
16:33:09.0531 1556 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:33:09.0531 1556 avgntflt - ok
16:33:09.0546 1556 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:33:09.0546 1556 avipbb - ok
16:33:09.0546 1556 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:33:09.0546 1556 avkmgr - ok
16:33:09.0578 1556 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:33:09.0578 1556 Beep - ok
16:33:09.0609 1556 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:33:09.0609 1556 BITS - ok
16:33:09.0625 1556 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:33:09.0625 1556 Browser - ok
16:33:09.0656 1556 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
16:33:09.0656 1556 BTCFilterService - ok
16:33:09.0656 1556 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:33:09.0656 1556 cbidf2k - ok
16:33:09.0687 1556 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:33:09.0687 1556 CCDECODE - ok
16:33:09.0687 1556 cd20xrnt - ok
16:33:09.0687 1556 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:33:09.0687 1556 Cdaudio - ok
16:33:09.0687 1556 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:33:09.0687 1556 Cdfs - ok
16:33:09.0703 1556 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:33:09.0703 1556 Cdrom - ok
16:33:09.0703 1556 Changer - ok
16:33:09.0718 1556 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:33:09.0718 1556 CiSvc - ok
16:33:09.0718 1556 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:33:09.0718 1556 ClipSrv - ok
16:33:09.0750 1556 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:33:09.0750 1556 clr_optimization_v2.0.50727_32 - ok
16:33:09.0765 1556 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:33:09.0765 1556 clr_optimization_v4.0.30319_32 - ok
16:33:09.0765 1556 CmdIde - ok
16:33:09.0843 1556 cmuda3 (adb3cb1a8fef6fe76de9f43be1bec39c) C:\WINDOWS\system32\drivers\cmudax3.sys
16:33:09.0843 1556 cmuda3 - ok
16:33:09.0843 1556 COMSysApp - ok
16:33:09.0843 1556 Cpqarray - ok
16:33:09.0875 1556 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:33:09.0875 1556 CryptSvc - ok
16:33:09.0875 1556 dac2w2k - ok
16:33:09.0875 1556 dac960nt - ok
16:33:09.0906 1556 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
16:33:09.0906 1556 DAdderFltr - ok
16:33:09.0937 1556 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:33:09.0937 1556 DcomLaunch - ok
16:33:09.0937 1556 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:33:09.0937 1556 Dhcp - ok
16:33:09.0953 1556 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:33:09.0953 1556 Disk - ok
16:33:09.0953 1556 dmadmin - ok
16:33:10.0015 1556 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:33:10.0015 1556 dmboot - ok
16:33:10.0031 1556 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:33:10.0031 1556 dmio - ok
16:33:10.0031 1556 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:33:10.0031 1556 dmload - ok
16:33:10.0031 1556 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:33:10.0031 1556 dmserver - ok
16:33:10.0046 1556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:33:10.0046 1556 DMusic - ok
16:33:10.0062 1556 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:33:10.0062 1556 Dnscache - ok
16:33:10.0093 1556 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:33:10.0093 1556 Dot3svc - ok
16:33:10.0093 1556 dpti2o - ok
16:33:10.0109 1556 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:33:10.0109 1556 drmkaud - ok
16:33:10.0125 1556 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:33:10.0125 1556 EapHost - ok
16:33:10.0140 1556 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:33:10.0140 1556 ERSvc - ok
16:33:10.0156 1556 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:33:10.0156 1556 Eventlog - ok
16:33:10.0187 1556 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:33:10.0203 1556 EventSystem - ok
16:33:10.0218 1556 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:33:10.0218 1556 Fastfat - ok
16:33:10.0250 1556 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:33:10.0250 1556 FastUserSwitchingCompatibility - ok
16:33:10.0265 1556 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:33:10.0265 1556 Fdc - ok
16:33:10.0265 1556 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:33:10.0265 1556 Fips - ok
16:33:10.0281 1556 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:33:10.0281 1556 Flpydisk - ok
16:33:10.0281 1556 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:33:10.0281 1556 FltMgr - ok
16:33:10.0328 1556 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:33:10.0328 1556 FontCache3.0.0.0 - ok
16:33:10.0328 1556 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:33:10.0328 1556 Fs_Rec - ok
16:33:10.0343 1556 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:33:10.0343 1556 Ftdisk - ok
16:33:10.0359 1556 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:33:10.0359 1556 gameenum - ok
16:33:10.0375 1556 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
16:33:10.0375 1556 gdrv - ok
16:33:10.0406 1556 GEST Service (c6f7a026866923d3a5eabf5c359d8429) C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
16:33:10.0406 1556 GEST Service - ok
16:33:10.0406 1556 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:33:10.0406 1556 Gpc - ok
16:33:10.0437 1556 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
16:33:10.0437 1556 hamachi - ok
16:33:10.0500 1556 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
16:33:10.0500 1556 Hamachi2Svc - ok
16:33:10.0531 1556 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:33:10.0531 1556 HDAudBus - ok
16:33:10.0578 1556 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:33:10.0578 1556 helpsvc - ok
16:33:10.0578 1556 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:33:10.0578 1556 HidServ - ok
16:33:10.0593 1556 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:33:10.0593 1556 hidusb - ok
16:33:10.0609 1556 HitmanProScheduler (dfe4303b9e624eca01ad5e388b9d1dea) C:\Program Files\HitmanPro\hmpsched.exe
16:33:10.0609 1556 HitmanProScheduler - ok
16:33:10.0625 1556 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:33:10.0625 1556 hkmsvc - ok
16:33:10.0625 1556 hpn - ok
16:33:10.0656 1556 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:33:10.0656 1556 HTTP - ok
16:33:10.0687 1556 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:33:10.0687 1556 HTTPFilter - ok
16:33:10.0687 1556 i2omgmt - ok
16:33:10.0703 1556 i2omp - ok
16:33:10.0718 1556 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:33:10.0718 1556 i8042prt - ok
16:33:10.0781 1556 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:33:10.0781 1556 idsvc - ok
16:33:10.0812 1556 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:33:10.0812 1556 Imapi - ok
16:33:10.0828 1556 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:33:10.0828 1556 ImapiService - ok
16:33:10.0828 1556 ini910u - ok
16:33:10.0828 1556 IntelIde - ok
16:33:10.0843 1556 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:33:10.0843 1556 intelppm - ok
16:33:10.0859 1556 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:33:10.0859 1556 Ip6Fw - ok
16:33:10.0875 1556 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:33:10.0875 1556 IpFilterDriver - ok
16:33:10.0890 1556 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:33:10.0890 1556 IpInIp - ok
16:33:10.0906 1556 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:33:10.0906 1556 IpNat - ok
16:33:10.0906 1556 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:33:10.0906 1556 IPSec - ok
16:33:10.0906 1556 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:33:10.0921 1556 IRENUM - ok
16:33:10.0921 1556 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:33:10.0921 1556 isapnp - ok
16:33:10.0937 1556 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
16:33:10.0937 1556 JavaQuickStarterService - ok
16:33:10.0953 1556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:33:10.0953 1556 Kbdclass - ok
16:33:10.0968 1556 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:33:10.0968 1556 kbdhid - ok
16:33:10.0984 1556 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:33:10.0984 1556 kmixer - ok
16:33:11.0015 1556 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:33:11.0015 1556 KSecDD - ok
16:33:11.0046 1556 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:33:11.0046 1556 lanmanserver - ok
16:33:11.0078 1556 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:33:11.0078 1556 lanmanworkstation - ok
16:33:11.0078 1556 lbrtfdc - ok
16:33:11.0109 1556 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:33:11.0109 1556 LmHosts - ok
16:33:11.0125 1556 LycoFltr (fee74a4398896793a62c6e8423edbd41) C:\WINDOWS\system32\Drivers\Lycosa.sys
16:33:11.0125 1556 LycoFltr - ok
16:33:11.0125 1556 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:33:11.0125 1556 Messenger - ok
16:33:11.0156 1556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:33:11.0156 1556 mnmdd - ok
16:33:11.0156 1556 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:33:11.0156 1556 mnmsrvc - ok
16:33:11.0171 1556 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:33:11.0171 1556 Modem - ok
16:33:11.0187 1556 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
16:33:11.0187 1556 motandroidusb - ok
16:33:11.0203 1556 motccgp (0bc43805b6da0d7d4f99c737839fc9ec) C:\WINDOWS\system32\DRIVERS\motccgp.sys
16:33:11.0203 1556 motccgp - ok
16:33:11.0218 1556 motccgpfl (1b3720c4d16904756d49ef306706b978) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
16:33:11.0218 1556 motccgpfl - ok
16:33:11.0218 1556 motmodem (11b8118f538b579488e7645b2578e544) C:\WINDOWS\system32\DRIVERS\motmodem.sys
16:33:11.0218 1556 motmodem - ok
16:33:11.0265 1556 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
16:33:11.0265 1556 MotoHelper - ok
16:33:11.0281 1556 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
16:33:11.0281 1556 MotoSwitchService - ok
16:33:11.0296 1556 Motousbnet (5073ed2d13d77f89df99caaa72e23526) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
16:33:11.0296 1556 Motousbnet - ok
16:33:11.0296 1556 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:33:11.0296 1556 Mouclass - ok
16:33:11.0328 1556 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:33:11.0328 1556 mouhid - ok
16:33:11.0328 1556 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:33:11.0328 1556 MountMgr - ok
16:33:11.0359 1556 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:33:11.0359 1556 MozillaMaintenance - ok
16:33:11.0359 1556 mraid35x - ok
16:33:11.0359 1556 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:33:11.0359 1556 MRxDAV - ok
16:33:11.0406 1556 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:33:11.0406 1556 MRxSmb - ok
16:33:11.0421 1556 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:33:11.0421 1556 MSDTC - ok
16:33:11.0421 1556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:33:11.0421 1556 Msfs - ok
16:33:11.0421 1556 MSIServer - ok
16:33:11.0437 1556 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:33:11.0437 1556 MSKSSRV - ok
16:33:11.0437 1556 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:33:11.0437 1556 MSPCLOCK - ok
16:33:11.0437 1556 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:33:11.0437 1556 MSPQM - ok
16:33:11.0453 1556 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:33:11.0453 1556 mssmbios - ok
16:33:11.0468 1556 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:33:11.0468 1556 MSTEE - ok
16:33:11.0484 1556 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:33:11.0484 1556 Mup - ok
16:33:15.0000 1556 ============================================================
16:33:15.0000 1556 Scan finished
16:33:15.0000 1556 ============================================================
16:33:15.0000 3996 Detected object count: 0
16:33:15.0000 3996 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 16:39:40
-----------------------------
16:39:40.500 OS Version: Windows 5.1.2600 Service Pack 3
16:39:40.500 Number of processors: 2 586 0x1706
16:39:40.500 ComputerName: BLUE_STEEL UserName: Rojo
16:39:41.156 Initialize success
16:39:56.656 AVAST engine download error: 0
16:40:01.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
16:40:01.265 Disk 0 Vendor: WDC_WD1001FALS-41Y6A0 05.03D06 Size: 953868MB BusType: 3
16:40:01.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-1f
16:40:01.265 Disk 1 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953868MB BusType: 3
16:40:01.265 Disk 0 MBR read successfully
16:40:01.265 Disk 0 MBR scan
16:40:01.265 Disk 0 Windows XP default MBR code
16:40:01.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:40:01.281 Disk 0 scanning sectors +976752000
16:40:01.312 Disk 0 scanning C:\WINDOWS\system32\drivers
16:40:04.859 Service scanning
16:40:10.375 Modules scanning
16:40:13.562 Disk 0 trace - called modules:
16:40:13.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:40:13.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e48ab8]
16:40:13.593 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x89df8f18]
16:40:13.593 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x89e4cd98]
16:40:13.593 Scan finished successfully
16:40:49.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rojo\Desktop\MBR.dat"
16:40:49.671 The log file has been saved successfully to "C:\Documents and Settings\Rojo\Desktop\aswMBR.txt"

#5 nasdaq

  • Malware Response Team

Posted 11 June 2012 - 08:23 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#6 Raw Joe

  • Topic Starter

Posted 11 June 2012 - 03:02 PM

ComboFix 12-06-11.04 - Rojo 06/11/2012 15:50:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\tmp165.tmp
c:\windows\system32\tmp166.tmp
c:\windows\system32\tmp167.tmp
c:\windows\system32\tmp168.tmp
c:\windows\system32\tmp47.tmp
c:\windows\system32\tmp48.tmp
c:\windows\system32\tmp75.tmp
c:\windows\system32\tmp76.tmp
c:\windows\system32\tmp89.tmp
c:\windows\system32\tmp8A.tmp
c:\windows\system32\tmp93.tmp
c:\windows\system32\tmp94.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-05-29 18:49 . 2012-05-29 18:49 -------- d-----w- c:\program files\ESET
2012-05-29 00:55 . 2012-05-29 00:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-05-23 23:00 . 2012-05-23 23:00 -------- d-----w- c:\windows\Sun
2012-05-23 23:00 . 2012-05-23 23:00 -------- d-----w- c:\documents and settings\Rojo\Local Settings\Application Data\Sun
2012-05-23 22:59 . 2012-05-23 22:59 -------- d-----w- c:\program files\Common Files\Java
2012-05-23 22:59 . 2012-05-23 22:59 -------- d-----w- c:\program files\Oracle
2012-05-23 22:59 . 2012-05-23 22:59 -------- d-----w- c:\documents and settings\Rojo\Application Data\Oracle
2012-05-23 22:59 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-23 22:59 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 22:59 . 2012-04-04 22:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 22:58 . 2012-05-23 22:58 -------- d-----w- c:\program files\Java
2012-05-22 14:23 . 2012-05-22 14:24 -------- d-----w- c:\program files\HitmanPro
2012-05-22 14:23 . 2012-05-22 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-22 03:02 . 2008-04-14 04:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2012-05-22 03:02 . 2008-04-14 04:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2012-05-22 01:16 . 2012-05-22 01:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 18:58 . 2012-05-20 05:06 -------- d-----w- c:\documents and settings\Rojo\Local Settings\Application Data\ArmA 2 OA
2012-05-15 15:14 . 2008-04-14 04:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-05-15 15:14 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-05-15 15:14 . 2008-04-14 04:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2012-05-15 15:14 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2012-05-15 15:14 . 2008-04-14 04:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2012-05-15 15:14 . 2008-04-14 04:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2012-05-15 15:14 . 2008-04-14 09:42 16384 ----a-w- c:\windows\system32\ipsink.ax
2012-05-15 15:14 . 2008-04-14 04:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2012-05-15 15:14 . 2008-04-14 04:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2012-05-15 15:14 . 2008-04-14 04:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-05-15 15:14 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2012-05-15 15:14 . 2008-04-14 04:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2012-05-15 15:14 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2012-05-15 15:13 . 2008-04-14 04:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2012-05-15 15:13 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-05-15 15:13 . 2012-05-15 15:13 -------- d-----w- c:\program files\Common Files\logishrd
2012-05-15 15:13 . 2008-04-14 09:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-05-15 15:13 . 2008-04-14 09:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-05-15 15:13 . 2008-04-14 09:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-05-15 15:13 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-15 15:13 . 2008-04-14 09:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 19:36 . 2012-03-15 05:08 16608 ----a-w- c:\windows\gdrv.sys
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-10 02:07 . 2012-04-01 13:17 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-10 02:07 . 2012-04-01 13:17 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-09 03:16 . 2012-03-15 06:01 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 03:16 . 2012-03-15 06:01 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 22:27 . 2012-04-16 21:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:27 . 2012-03-16 02:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-04-11 13:14 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2012-04-01 01:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 21:25 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-02 21:25 . 2009-08-18 15:24 19352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-17 17:57 . 2012-03-17 17:57 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-28 07:19 . 2012-03-15 05:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
2012-02-09 20:12 230192 ----a-w- c:\program files\WinToFlash Suggestor\WinToFlashSuggestor.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2012-05-02 4419488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Lycosa"="c:\program files\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m|\ [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 21:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-04-17 20:26 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bioware\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2\\arma2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Titan Quest\\help.htm"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Steam\\steamapps\\bl00d_huntz0r\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Star wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Battlefield 2\\support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Codemasters\\F1 2011\\F1_2011.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2 operation arrowhead\\ArmA2OA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2 operation arrowhead\\BEsetup\\Setup_BattlEyeARMA2OA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2 operation arrowhead\\_runA2CO.cmd"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/15/2012 2:01 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/15/2012 2:01 AM 86224]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/15/2012 1:09 AM 80392]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/28/2012 5:38 PM 1373576]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [5/22/2012 10:24 AM 105288]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2/1/2012 5:55 PM 214896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/15/2012 2:19 AM 2348352]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 8:00 AM 14336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [3/16/2012 9:22 PM 22784]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [3/16/2012 9:33 PM 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 5:12 PM 257696]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [4/11/2012 4:04 AM 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [4/11/2012 4:04 AM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [4/11/2012 4:04 AM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/11/2012 4:04 AM 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [4/11/2012 4:04 AM 23808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/28/2012 3:19 AM 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 22:27]
.
2012-05-20 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
2012-04-11 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01 21:55]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 10.173.40.31 10.173.40.33 168.215.210.50 64.132.94.250
FF - ProfilePath - c:\documents and settings\Rojo\Application Data\Mozilla\Firefox\Profiles\rw8hxt6u.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-68753955.sys
AddRemove-BattlEye for A2 - c:\program files\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-11 15:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-11 15:53:52
ComboFix-quarantined-files.txt 2012-06-11 19:53
.
Pre-Run: 373,126,897,664 bytes free
Post-Run: 373,309,136,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4155A8A6234BD7FFF3A202FC370AD493

#7 nasdaq

nasdaq

  • Malware Response Team

Posted 12 June 2012 - 07:58 AM

Looking good.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Any remaining issues with this computer?

#8 Raw Joe

Raw Joe
  • Topic Starter


Posted 12 June 2012 - 09:09 PM

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````









I'm getting the impression that you're almost done reviewing logs before determining that there's nothing wrong with my system. I don't know what could randomly block packets from being received by my computer, and that stops being able to block them momentarily after I unplug my ethernet cable and let things reset themselves for a bit or what have you, but I followed this guide (My link) to a tee and I'm still having issues. Now I'm at the part of that guide that says to go seek professional and/or more experienced review elsewhere, and that's all I can really do right now. I don't really see anything in this last log that could really be of any help, but I hope it assists you in figuring out what's wrong with my computer.

#9 nasdaq

nasdaq

  • Malware Response Team

Posted 13 June 2012 - 10:08 AM

Total Fragmentation on Drive C:: 24% Defragment your hard drive soon!

Take care of this soon. It may take some time to defrag. Make sure you do not need the computer for a few hours.

===

We need to check on this registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    rpcqt.dll
    Rundll32.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Do another search using this script.

:regfind
rpcqt.dll
Rundll32.exe
Video Library


Please post both logs for my review.

#10 Raw Joe

Raw Joe
  • Topic Starter


Posted 14 June 2012 - 04:28 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:18 on 14/06/2012 by Rojo
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcqt.dll"
C:\WINDOWS\system32\Rpcqt.dll -r--s-- 23273472 bytes [12:00 04/08/2004] [10:41 14/04/2008] (Unable to calculate MD5)

Searching for "Rundll32.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe --a---- 199240 bytes [01:51 01/04/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c- 33280 bytes [05:38 15/03/2012] [12:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------- 33280 bytes [05:42 15/03/2012] [10:42 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a---- 33280 bytes [12:00 04/08/2004] [10:42 14/04/2008] 037B1E7798960E0420003D05BB577EE6

-= EOF =-



SystemLook 30.07.11 by jpshortstuff
Log created at 17:23 on 14/06/2012 by Rojo
Administrator - Elevation successful

========== regfind ==========

Searching for "rpcqt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RPCQT\Parameters]
"ServiceDll"="C:\WINDOWS\system32\Rpcqt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\RPCQT\Parameters]
"ServiceDll"="C:\WINDOWS\system32\Rpcqt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCQT\Parameters]
"ServiceDll"="C:\WINDOWS\system32\Rpcqt.dll"

Searching for "Rundll32.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RunDll32.exe"="Run a DLL as an App"
[HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew]
"Command"="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\syncui.dll,Briefcase_Create %2!d! %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew]
@="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Application.Manifest\shell\open\command]
@="rundll32.exe dfshim.dll,ShOpenVerbApplication %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Application.Reference\shell\open\command]
@="rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\shimgvw.dll\shell\open\command]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\command]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\callto\shell\open\command]
@="rundll32.exe msconf.dll,CallToProtocolHandler %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CATFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenCAT %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CERFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddCER %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CERFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenCER %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateStoreFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenSTR %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002B9E07-2E10-438F-AF1E-40E6A96F1EE4}\Shell\Open\Command]
@="rundll32.exe "C:\Program Files\NVIDIA Corporation\nview\nvwdmcpl.dll", nViewMain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}\LocalServer32]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\Shell\Open\Command]
@="rundll32.exe shell32.dll,Options_RunDLL 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}\LocalServer32]
@="rundll32.exe shell32.dll,SHCreateLocalServerRunDll {601ac3dc-786a-4eb0-bf40-ee3521e70bfb}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\Open\Command]
@="rundll32.exe shell32.dll,Options_RunDLL 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\Shell\RunAs\Command]
@="rundll32.exe shell32.dll,Options_RunDLL 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783C030F-E948-487D-B35D-94FCF0F0C172}\LocalServer32]
@="rundll32.exe C:\WINDOWS\system32\hotplug.dll,CreateLocalServer {783C030F-E948-487D-B35D-94FCF0F0C172}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}\Shell\Open\Command]
@="c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32\infocardcpl.cpl,ManageCardSpace_RunDll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A9D77BD-5403-11d2-8785-2E0420524153}\Shell\Open\Command]
@="rundll32.exe %SystemRoot%\system32\netplwiz.dll,UsersRunDll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32]
@="rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32]
@="rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\Shell\Open\Command]
@="rundll32.exe zipfldr.dll,RouteTheCall %L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConferenceLink\shell\open\command]
@="rundll32.exe msconf.dll,OpenConfLink %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command]
@="rundll32.exe shell32.dll,Control_RunDLL "%1",%*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\runas\command]
@="rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CRLFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddCRL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CRLFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenCRL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dunfile\shell\open\command]
@="%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\emffile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\emffile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\giffile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\giffile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\h323file\shell\open\command]
@=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]
@="rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\printto\command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iiifile\shell\open\command]
@=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]
@="%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command]
@="rundll32.exe ieframe.dll,OpenURL %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\print\command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\printto\command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jpegfile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jpegfile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.InformationCard\Shell\open\command]
@="c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32\infocardcpl.cpl,ImportInformationCard_RunDll %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.WindowsCardSpaceBackup\Shell\open\command]
@="c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32\infocardcpl.cpl,ImportInformationCard_RunDll %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSDASC\shell\open\command]
@="Rundll32.exe C:\PROGRA~1\COMMON~1\System\OLEDB~1\oledb32.dll,OpenDSLFile %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msstylesfile\shell\open\command]
@="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nView.Profile\shell\open\command]
@="rundll32.exe "\nview.dll",nViewCmd loadprofile "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P7RFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddP7R %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P7RFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenP7R %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P7SFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Paint.Picture\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Paint.Picture\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PFXFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddPFX %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pjpegfile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pjpegfile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pngfile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pngfile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\prffile\Shell\Open\Command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\msrating.dll",ClickedOnPRF %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ratfile\Shell\Open\Command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\msrating.dll",ClickedOnRAT %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rlogin\shell\open\command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\url.dll",TelnetProtocolHandler %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command]
@="rundll32.exe desk.cpl,InstallScreenSaver %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command]
@=""C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\scrobj.dll,GenerateTypeLib %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SPCFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddSPC %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SPCFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\STLFile\shell\add\command]
@="rundll32.exe cryptext.dll,CryptExtAddCTL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\STLFile\shell\open\command]
@="rundll32.exe cryptext.dll,CryptExtOpenCTL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\shell\print\command]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command]
@="rundll32.exe url.dll,TelnetProtocolHandler %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\themefile\shell\open\command]
@="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TIFImage.Document\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tn3270\shell\open\command]
@=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\url.dll",TelnetProtocolHandler %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ulsfile\shell\open\command]
@=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wdpfile\shell\print\command]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wdpfile\shell\printto\command]
@="rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wmffile\shell\open\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wmffile\shell\printto\command]
@="rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Microsoft NetMeeting\Protocols\callto\shell\open\command]
@="rundll32.exe msconf.dll,CallToProtocolHandler %l"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Hotmail\Protocols\mailto\shell\open\command]
@="%SystemRoot%\system32\rundll32.exe "%ProgramFiles%\Internet Explorer\hmmapi.dll",MailToProtocolHandler %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Hotmail\shell\open\command]
@="%systemRoot%\system32\rundll32.exe "%ProgramFiles%\Internet Explorer\hmmapi.dll",OpenInboxHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"StubPath"=""C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\International]
"rundll32.exe"="6.0.2600.0-6.0.9999.9999"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService]
"RollbackCommand"="RunDll32.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"AddRemoveApps"="SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;RUNDLL32.EXE;MSOOBE.EXE;LNKSTUB.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]
"UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]
"QuietUninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
"UninstallString"=""C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView]
"UninstallString"=""C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NView"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX]
"UninstallString"=""C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update]
"UninstallString"=""C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\rundll32.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters]
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\rundll32.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management\PrefetchParameters]
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\rundll32.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
[HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
[HKEY_USERS\S-1-5-19\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-19\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-19\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
[HKEY_USERS\S-1-5-20\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-20\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-20\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RunDll32.exe"="Run a DLL as an App"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1003\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1003\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1003\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1004\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1004\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-21-1123561945-162531612-725345543-1004\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
[HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers]
"text/iuls"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers]
"text/h323"=""rundll32.exe" msconf.dll,NewMediaPhone %l"
[HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iphone"=""rundll32.exe" msconf.dll,NewMediaPhone %l"

Searching for "Video Library "
No data found.

-= EOF =-





Avira picked up something during the filefind SystemLook scan, but I left it alone for now in case you had something specific to give me to get rid of/handle it.

#11 nasdaq

nasdaq

  • Malware Response Team

Posted 15 June 2012 - 07:37 AM

Nothing suspicious was found in the last search.

avira picked up something during the filefind systemscan but I left it alone for now in case you had something specific to give me to get rid of/handle it

Can you elaborate on this? What was the error message?
===

Let's reset some settings.

Go to Start > Run box, type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
=================

If applicable reset the router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Keep me posted.

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

#12 Raw Joe

Raw Joe
  • Topic Starter


Posted 15 June 2012 - 06:03 PM

Avira warning on SystemLook's ":filefind rpcqt.dll Rundll32.exe"


"A virus or unwanted program 'Tr/Delf.SJS.1' was found in file 'C:\WINDOWS\system32\Rpcqt.dll'

Access to this file was denied, please select a further action:


I'm going to go ahead and just remove it since this was apparently unexpected to you, and I'm going to reflush all that IP stuff and reapply the registry fix for now, though.
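
An added example (not part of the thread, and not a SystemLook feature): joining the "ServiceDll" values from a regfind log to the entries of a filefind log shows which svchost-hosted service DLLs the scan could not hash. The RPCQT and Rpcqt.dll lines are copied from the logs above; ExampleSvc, GhostSvc, their DLL paths and the sample MD5 are constructed, and the two heuristics (including reading "r" and "s" in the attribute column as read-only and system) are assumptions for illustration.

```python
import re

# Sample input. The Rpcqt.dll / RPCQT lines are copied from the SystemLook logs
# in this thread; ExampleSvc, GhostSvc, their DLLs and the MD5 are constructed.
FILEFIND_LOG = r"""
Searching for "rpcqt.dll"
C:\WINDOWS\system32\Rpcqt.dll -r--s-- 23273472 bytes [12:00 04/08/2004] [10:41 14/04/2008] (Unable to calculate MD5)

Searching for "example.dll"
C:\WINDOWS\system32\example.dll --a---- 45056 bytes [12:00 04/08/2004] [10:42 14/04/2008] 0123456789ABCDEF0123456789ABCDEF
"""

REGFIND_LOG = r"""
Searching for "rpcqt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RPCQT\Parameters]
"ServiceDll"="C:\WINDOWS\system32\Rpcqt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCQT\Parameters]
"ServiceDll"="C:\WINDOWS\system32\Rpcqt.dll"

Searching for "example.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]
"ServiceDll"="C:\WINDOWS\system32\example.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GhostSvc\Parameters]
"ServiceDll"="C:\WINDOWS\system32\ghost.dll"
"""

# One filefind result: path, 7-character attribute column, size, two
# timestamps, then either a 32-hex-digit MD5 or the "unable" marker.
FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\\]+)\\Parameters\]$"
)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(?P<dll>.+)"$')


def parse_filefind(log):
    """Return one dict per file line; md5 is None when it was not computed."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            md5 = m.group("md5")
            entries.append({
                "path": m.group("path"),
                "attrs": m.group("attrs"),
                "size": int(m.group("size")),
                "md5": None if md5.startswith("(") else md5.upper(),
            })
    return entries


def parse_service_dlls(log):
    """Map service name -> set of ServiceDll paths seen in any control set."""
    services, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group("svc")
            continue
        if line.startswith("["):
            current = None  # a different key: its values are not ServiceDll data
            continue
        val = SERVICE_DLL.match(line)
        if val and current:
            services.setdefault(current, set()).add(val.group("dll"))
    return services


def triage(filefind_log, regfind_log):
    """Join ServiceDll targets to file facts and list reasons for a closer look."""
    files = {e["path"].lower(): e for e in parse_filefind(filefind_log)}
    findings = []
    for svc, dlls in sorted(parse_service_dlls(regfind_log).items()):
        for dll in sorted(dlls):
            entry, reasons = files.get(dll.lower()), []  # Windows paths: case-insensitive
            if entry is None:
                reasons.append("ServiceDll target not in file scan")
            else:
                if entry["md5"] is None:
                    reasons.append("MD5 unavailable, cannot compare to a known-good hash")
                if {"r", "s"} <= set(entry["attrs"]):  # assumed meaning of the letters
                    reasons.append("read-only and system attributes set")
            findings.append({"service": svc, "dll": dll, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(FILEFIND_LOG, REGFIND_LOG):
        status = "; ".join(f["reasons"]) or "no flags"
        print(f'{f["service"]:<12} {f["dll"]}: {status}')
```

A service with no flags is not thereby clean; the join only points at DLLs whose file facts could not be verified from the logs.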

#13 nasdaq

nasdaq

  • Malware Response Team

Posted 16 June 2012 - 06:51 AM

And the result is?

#14 Raw Joe

Raw Joe
  • Topic Starter


Posted 17 June 2012 - 10:54 PM

Just tried out the computer to see if things were back to normal and the same issue of incoming packets being blocked by some mysterious force came back again.

#15 nasdaq

nasdaq

  • Malware Response Team

Posted 18 June 2012 - 07:54 AM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image




