browser redirects and odd popups


5 replies to this topic

#1 ScottTeacher

Posted 07 June 2012 - 07:24 PM

Hello.. THANK YOU for your service.

Just yesterday I'm all of a sudden getting redirects when searching for something and clicking the link in what the search engine finds. Then today I'll get a completely new window pop up even if I'm not searching.
It happens with any browser and also even in Windows Safe Mode.
I'm using Windows XP SP3 with all updates current.

I've used Trend Micro Internet Security for 4 or 5 years and it's up to date. I had it scan and it found 2 items that I removed but the problem continued.
I installed Microsoft Security Essentials and had it scan and it found 2 items and I deleted them all but the problem continues.
I put the system in safe mode and scanned with Malwarebytes Anti-Malware and it took 3 hours and it found 10 things and I removed them all, but the problem continues.

So now I'm here, pleading for help.

Thanks in advance..
God Bless,
Scott


#2 boopme

Posted 07 June 2012 - 08:26 PM

Hello, I moved this from XP to Am I Infected.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Now reboot to Normal and run MBAM (MalwareBytes):
Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 ScottTeacher

Posted 08 June 2012 - 08:26 AM

Ok, I did everything you suggested. FYI, MBAM did not detect anything in the quick scan.
I did all the other things in the order you suggested and the redirects and pop-ups have stopped.
Amazing!
Do you still need the logs?
If you think there's still a lurking infection I'll be glad to post the logs.
Thank You, Thank You, Thank You!

#4 boopme

Posted 08 June 2012 - 08:58 AM

You're welcome. I would like the Min and TDSS log, to see if I have to dig for more or fix exploits.
I will be in and out today.

#5 ScottTeacher

Posted 08 June 2012 - 09:58 AM

MiniToolBox by Farbar Version: 04-06-2012
Ran by Scott (administrator) on 07-06-2012 at 21:37:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

        Host Name . . . . . . . . . . . . : scotts
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
        Physical Address. . . . . . . . . : 48-5B-39-92-CA-34
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Thursday, June 07, 2012 7:52:28 PM
        Lease Expires . . . . . . . . . . : Friday, June 08, 2012 7:52:28 PM

Pinging google.com [173.194.37.70] with 32 bytes of data:
Reply from 173.194.37.70: bytes=32 time=28ms TTL=51
Reply from 173.194.37.70: bytes=32 time=29ms TTL=51
Ping statistics for 173.194.37.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=61ms TTL=45
Reply from 98.139.183.24: bytes=32 time=67ms TTL=45
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 67ms, Average = 64ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...48 5b 39 92 ca 34 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.3 192.168.10.3 20
192.168.10.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.10.255 255.255.255.255 192.168.10.3 192.168.10.3 20
224.0.0.0 240.0.0.0 192.168.10.3 192.168.10.3 20
255.255.255.255 255.255.255.255 192.168.10.3 192.168.10.3 1
Default Gateway: 192.168.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/07/2012 01:14:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8403.0, P5 fixed, P6 4 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/07/2012 00:14:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8403.0, P5 fixed, P6 4 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/06/2012 06:37:02 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8403.0, P5 fixed, P6 4 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/06/2012 11:03:14 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/05/2012 09:37:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: The specified server cannot perform the requested operation.

Error: (06/05/2012 09:37:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: The specified server cannot perform the requested operation.

Error: (06/05/2012 09:37:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This operation returned because the timeout period expired.

Error: (06/04/2012 08:22:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/04/2012 07:52:01 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/04/2012 07:42:57 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module avisplitter.ax, version 1.0.0.9, fault address 0x000220b4.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (06/07/2012 09:31:48 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 07:31:48 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 07:21:40 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 07:08:44 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 06:34:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 05:32:21 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 04:33:25 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 03:32:10 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 02:33:39 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/07/2012 02:12:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/03/2012 02:07:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 101024 seconds with 1440 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

ABBYY FineReader OCR Engine for Microtek
Adobe After Effects 6.0 (Version: 6.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS (Version: 11)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Lightroom 2.7 (Version: 2.7)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Angry Birds 2.0.2
Angry Birds Rio
Angry Birds Seasons
Angry Birds Space 1.0.0
AoA Audio Extractor
Apophysis 2.0 (Version: )
Audacity 1.2.6
Avanquest update (Version: 1.29)
Battery-Resistor Circuit
Battery Voltage
Brother P-touch Editor 5.0 (Version: 5.0.1220)
BufferChm (Version: 43.1.5.000)
Canon Camera WIA Driver (Version: 5.7)
Canon EOS 5D WIA Driver (Version: 5.7)
Cerberus FTP Server (Version: 4.0.29)
Chemistry Add-in for Word (Version: 1.0.0)
Color Vision
Conductivity
Corel Graphics - Windows Shell Extension (Version: 15.2.0.661)
Corel Graphics - Windows Shell Extension (Version: 15.2.661)
Corel Uninstaller
CorelDRAW Graphics Suite X5 - Capture (Version: 15.2)
CorelDRAW Graphics Suite X5 - Common (Version: 15.2)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.2)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.2)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.2)
CorelDRAW Graphics Suite X5 - EN (Version: 15.2)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.2)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.2)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.2)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.2)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.2)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.2)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.2)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.2)
CorelDRAW Graphics Suite X5 - WT (Version: 15.1)
CorelDRAW Graphics Suite X5 (Version: 15.2)
CorelDRAW® Graphics Suite X5 (Version: 15.2.0.661)
CP2101 USB to UART Bridge Controller
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
CutePDF Writer 2.7
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DivX Setup (Version: 2.6.1.5)
Dropbox (Version: 1.4.3)
EasyRecovery Professional (Version: 6.04.08)
EchoLink (Version: 2.0.908)
EverQuest II
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Free Convert iPhone to AVI FLV WMV 3GP Converter 5.8
Free Mp3 Wma Converter V 2.2 (Version: 2.2.0.0)
Free Video to MP3 Converter version 4.3.0.712
Frogatto version 1.0.1 (Version: 1.0.1)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.111)
GRLevel3 version 1.41
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Home Designer Suite 8 (Version: 8.4.1.8)
HP Image Zone 4.0 (Version: 4.0)
HP Software Update (Version: 2.0.39.20040212)
HP Unload DLL Patch (Version: 1.00.0000)
HPSystemDiagnostics (Version: 1.5.0.0)
Icy Tower v1.4
ImgBurn (Version: 2.5.5.0)
InstantShare (Version: 4.0.0.40)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5179)
Intel® Management Engine Components (Version: 6.0.0.1179)
IrfanView (remove only) (Version: 4.28)
IsoBuster 2.8.5 (Version: 2.8.5)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 4.0.0 (Full) (Version: 4.0.0)
Kayak Extreme
Lightworks (Version: 10.0.22.0)
LIMBO
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Combat Flight Simulator 3.1
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Flight (Version: 1.0.0000.129)
Microsoft Flight (Version: 1.0.0003.129)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Links 2003
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30322)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Motorola Driver Installation 4.5.0 (Version: 4.5.0)
Motorola Phone Tools (Version: 5.00)
Motorola Phone Tools (Version: 5.31a 05/13/2010)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Screen Saver
Need for Speed Underground 2 Demo
Nero Suite
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenLP 2.0
Overland (Version: 2.1.5)
PCLinq2 High-Speed USB Bridge Cable
Personal Checkbook Advantage
Photo Story 3 for Windows (Version: 3.0.1115.11)
PhotoFilmStrip 1.5.0 (Version: 1.5.0)
PhotoGallery (Version: 43.1.5.000)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
PL-2303 USB-to-Serial
Platform (Version: 1.34)
PrintScreen (Version: 43.1.5.000)
PS8100 (Version: 1.00.0000)
PSPrinters06 (Version: 1.00.0000)
QFolder (Version: 1.00.0000)
Quake 4™ (Version: 1.0)
Quake 4™ Demo (Version: 1.0)
Quake II
QuickProjects (Version: 43.1.5.000)
RAD Video Tools
Reactions & Rates
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.24.0000)
Replay Radio 6.13
ScanWizard 5
Screen Monkey (Version: 3.5.25)
Sculptris Alpha 6 (Version: 0.6)
Semiconductors
Sid Meier's Railroads 1.1
SkinsHP1 (Version: 43.1.5.000)
Smart File Advisor 1.1.1 (Version: 1.1.1)
Sound
Souptoys (Version: 1.6.0.8)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
Street Cleaning Simulator
Team Fortress 2
TeamViewer 6 (Version: 6.0.9947)
The Moving Man
The Polynomial - Demo
TI Connect 1.6 (Version: 1.6)
Torque
TrayApp (Version: 43.1.5.000)
Trend Micro Internet Security (Version: 17.50)
UltraMon (Version: 3.0.2)
UnInstall Envy24 Family Audio Device Driver
Unload (Version: 4.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VIA Platform Device Manager (Version: 1.34)
VirtualCloneDrive
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
VLC media player 2.0.1 (Version: 2.0.1)
Wave Interference
WeatherLink 5.5.1
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 3.1 beta4
WinRAR archiver
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3574.98 MB
Available physical RAM: 2498.6 MB
Total Pagefile: 5457.34 MB
Available Pagefile: 4603.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.82 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:195.31 GB) (Free:50.34 GB) NTFS
3 Drive d: () (Fixed) (Total:736.19 GB) (Free:229.97 GB) NTFS

========================= Users: ========================================

User accounts for \\SCOTTS

Administrator ASPNET Guest
HelpAssistant Scott SUPPORT_388945a0
UpdatusUser


**** End of log ****



I lost the log from last night.. this is the one from this morning, after the problems have cleared up.

10:55:34.0421 3216 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:55:35.0140 3216 ============================================================
10:55:35.0140 3216 Current date / time: 2012/06/08 10:55:35.0140
10:55:35.0140 3216 SystemInfo:
10:55:35.0140 3216
10:55:35.0140 3216 OS Version: 5.1.2600 ServicePack: 3.0
10:55:35.0140 3216 Product type: Workstation
10:55:35.0140 3216 ComputerName: SCOTTS
10:55:35.0140 3216 UserName: Scott
10:55:35.0140 3216 Windows directory: C:\WINDOWS
10:55:35.0140 3216 System windows directory: C:\WINDOWS
10:55:35.0140 3216 Processor architecture: Intel x86
10:55:35.0140 3216 Number of processors: 4
10:55:35.0140 3216 Page size: 0x1000
10:55:35.0140 3216 Boot type: Normal boot
10:55:35.0140 3216 ============================================================
10:55:36.0312 3216 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:55:36.0312 3216 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:55:36.0312 3216 ============================================================
10:55:36.0312 3216 \Device\Harddisk0\DR0:
10:55:36.0312 3216 MBR partitions:
10:55:36.0312 3216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
10:55:36.0328 3216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x5C063529
10:55:36.0328 3216 \Device\Harddisk1\DR1:
10:55:36.0328 3216 MBR partitions:
10:55:36.0328 3216 ============================================================
10:55:36.0359 3216 C: <-> \Device\Harddisk0\DR0\Partition0
10:55:36.0468 3216 D: <-> \Device\Harddisk0\DR0\Partition1
10:55:36.0468 3216 ============================================================
10:55:36.0468 3216 Initialize success
10:55:36.0468 3216 ============================================================
10:56:02.0406 5340 ============================================================
10:56:02.0406 5340 Scan started
10:56:02.0406 5340 Mode: Manual;
10:56:02.0406 5340 ============================================================
10:56:12.0187 5340 TapiSrv - ok
10:56:12.0218 5340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:56:12.0250 5340 Tcpip - ok
10:56:12.0250 5340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:56:12.0265 5340 TDPIPE - ok
10:56:12.0281 5340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:56:12.0281 5340 TDTCP - ok
10:56:12.0406 5340 TeamViewer6 (839e88db24d2d8f05b72e12b175951ca) D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
10:56:12.0515 5340 TeamViewer6 - ok
10:56:12.0531 5340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:56:12.0546 5340 TermDD - ok
10:56:12.0562 5340 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:56:12.0562 5340 TermService - ok
10:56:12.0578 5340 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:56:12.0593 5340 Themes - ok
10:56:12.0609 5340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:56:12.0625 5340 TlntSvr - ok
10:56:12.0656 5340 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
10:56:12.0671 5340 tmactmon - ok
10:56:12.0734 5340 TMBMServer (b365e817e398ff2ac5706eab232ef6c1) D:\Program Files\Trend Micro\BM\TMBMSRV.exe
10:56:12.0750 5340 TMBMServer - ok
10:56:12.0796 5340 tmcfw (fcfa40e475ff5549f5cd335f4046aba4) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
10:56:12.0828 5340 tmcfw - ok
10:56:12.0843 5340 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
10:56:12.0859 5340 tmcomm - ok
10:56:12.0875 5340 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
10:56:12.0875 5340 tmevtmgr - ok
10:56:13.0000 5340 TmPfw (255328cf08d602368b69ff1f55ebd93e) D:\Program Files\Trend Micro\Internet Security\TmPfw.exe
10:56:13.0031 5340 TmPfw - ok
10:56:13.0046 5340 tmpreflt (379c4f99994a56b66e11d1e32bb22a1c) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
10:56:13.0062 5340 tmpreflt - ok
10:56:13.0109 5340 TmProxy (0fec6c50b2be07c57651573cdd1c721f) D:\Program Files\Trend Micro\Internet Security\TmProxy.exe
10:56:13.0125 5340 TmProxy - ok
10:56:13.0171 5340 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
10:56:13.0171 5340 tmtdi - ok
10:56:13.0187 5340 tmxpflt (717e406972bbc07f8fb2a989416cab73) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
10:56:13.0234 5340 tmxpflt - ok
10:56:13.0234 5340 TosIde - ok
10:56:13.0250 5340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:56:13.0265 5340 TrkWks - ok
10:56:13.0296 5340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:56:13.0296 5340 Udfs - ok
10:56:13.0296 5340 ultra - ok
10:56:13.0328 5340 UltraMonMirror (26401a2c5e5466857077eadaaec7cdd0) C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
10:56:13.0328 5340 UltraMonMirror - ok
10:56:13.0359 5340 UltraMonUtility (6fc85b4505eefbfdfc817787e4b3e26f) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
10:56:13.0375 5340 UltraMonUtility - ok
10:56:13.0468 5340 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:56:13.0531 5340 UNS - ok
10:56:13.0609 5340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:56:13.0625 5340 Update - ok
10:56:13.0656 5340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:56:13.0671 5340 upnphost - ok
10:56:13.0687 5340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:56:13.0687 5340 UPS - ok
10:56:13.0703 5340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:56:13.0718 5340 usbccgp - ok
10:56:13.0718 5340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:56:13.0734 5340 usbehci - ok
10:56:13.0734 5340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:56:13.0750 5340 usbhub - ok
10:56:13.0781 5340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:56:13.0781 5340 usbprint - ok
10:56:13.0796 5340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:56:13.0812 5340 usbscan - ok
10:56:13.0828 5340 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
10:56:13.0843 5340 usbsermpt - ok
10:56:13.0843 5340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:56:13.0843 5340 usbstor - ok
10:56:13.0859 5340 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
10:56:13.0875 5340 VClone - ok
10:56:13.0875 5340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:56:13.0890 5340 VgaSave - ok
10:56:13.0984 5340 VIAHdAudAddService (80952920d6fdd8d65d37f488de340b5d) C:\WINDOWS\system32\drivers\viahduaa.sys
10:56:14.0093 5340 VIAHdAudAddService - ok
10:56:14.0140 5340 ViaIde - ok
10:56:14.0156 5340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:56:14.0171 5340 VolSnap - ok
10:56:14.0234 5340 vsapint (642eb152cb980ad9181b2161066be629) C:\WINDOWS\system32\DRIVERS\vsapint.sys
10:56:14.0296 5340 vsapint - ok
10:56:14.0343 5340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:56:14.0375 5340 VSS - ok
10:56:14.0375 5340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:56:14.0390 5340 W32Time - ok
10:56:14.0406 5340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:56:14.0421 5340 Wanarp - ok
10:56:14.0453 5340 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:56:14.0484 5340 Wdf01000 - ok
10:56:14.0484 5340 WDICA - ok
10:56:14.0515 5340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:56:14.0531 5340 wdmaud - ok
10:56:14.0546 5340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:56:14.0546 5340 WebClient - ok
10:56:14.0593 5340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:56:14.0593 5340 winmgmt - ok
10:56:14.0687 5340 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:56:14.0812 5340 wlidsvc - ok
10:56:14.0875 5340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:56:14.0875 5340 WmdmPmSN - ok
10:56:14.0921 5340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:56:14.0921 5340 Wmi - ok
10:56:14.0953 5340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:56:14.0968 5340 WmiApSrv - ok
10:56:15.0046 5340 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:56:15.0125 5340 WMPNetworkSvc - ok
10:56:15.0156 5340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:56:15.0156 5340 wscsvc - ok
10:56:15.0203 5340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:56:15.0203 5340 WSTCODEC - ok
10:56:15.0218 5340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:56:15.0234 5340 wuauserv - ok
10:56:15.0250 5340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:56:15.0265 5340 WudfPf - ok
10:56:15.0281 5340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:56:15.0281 5340 WudfRd - ok
10:56:15.0296 5340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:56:15.0312 5340 WudfSvc - ok
10:56:15.0343 5340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:56:15.0359 5340 WZCSVC - ok
10:56:15.0390 5340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:56:15.0406 5340 xmlprov - ok
10:56:15.0406 5340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:56:15.0656 5340 \Device\Harddisk0\DR0 - ok
10:56:15.0656 5340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:56:15.0656 5340 \Device\Harddisk1\DR1 - ok
10:56:15.0671 5340 Boot (0x1200) (2ee2d8a3fe0e755f8c731b4e4c4af575) \Device\Harddisk0\DR0\Partition0
10:56:15.0671 5340 \Device\Harddisk0\DR0\Partition0 - ok
10:56:15.0687 5340 Boot (0x1200) (6f7ecfdeed4fdaea767d40967d93513c) \Device\Harddisk0\DR0\Partition1
10:56:15.0687 5340 \Device\Harddisk0\DR0\Partition1 - ok
10:56:15.0687 5340 ============================================================
10:56:15.0687 5340 Scan finished
10:56:15.0687 5340 ============================================================
10:56:15.0687 2604 Detected object count: 0
10:56:15.0687 2604 Actual detected object count: 0



THANKS AGAIN.. you and Bleeping Computer Rock!!!

#6 boopme


Posted 08 June 2012 - 01:55 PM

Great! So the 1st TDSS run found and removed items and you needed to reboot??

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


RERUN mini but only need this
  • List Winsock Entries



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




